CVE-2025-29847

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
19/01/2026
Last modified:
19/01/2026

Description

A vulnerability in Apache Linkis.

Problem Description

When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters.

Scope of Impact

This issue affects Apache Linkis: from 1.3.0 through 1.7.0.

Severity level

moderate

Solution

Continuously check if the connection information contains the "%" character; if it does, perform URL decoding.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

More questions about this vulnerability can be discussed here: https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve
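The decode-until-no-"%" check described under Solution, next to a single-pass check, as an added example that is not Apache Linkis's own code. The class name, the denylist entries (`blockedparam1`, `blockedparam2`), the round cap and the host name are constructed placeholders.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;

public class JdbcUrlCheck {
    // Hypothetical denylist: placeholder names, not the list Linkis uses.
    static final List<String> BLOCKED = List.of("blockedparam1", "blockedparam2");
    static final int MAX_ROUNDS = 10; // assumed cap on nested encoding layers

    // Decode while a '%' is present. URLDecoder throws IllegalArgumentException
    // on a malformed escape, so a stray literal '%' is rejected (fail closed).
    // Note that URLDecoder also turns '+' into a space.
    static String fullyDecode(String s) {
        for (int i = 0; i < MAX_ROUNDS && s.contains("%"); i++) {
            s = URLDecoder.decode(s, StandardCharsets.UTF_8);
        }
        if (s.contains("%")) throw new IllegalArgumentException("too many encoding layers");
        return s;
    }

    static boolean containsBlocked(String s) {
        String lower = s.toLowerCase(Locale.ROOT);
        return BLOCKED.stream().anyMatch(lower::contains);
    }

    // The flawed pattern: one decoding pass, then validate.
    static boolean naiveAllows(String url) {
        return !containsBlocked(URLDecoder.decode(url, StandardCharsets.UTF_8));
    }

    // The corrected pattern: validate the fully decoded form, reject on error.
    static boolean strictAllows(String url) {
        try {
            return !containsBlocked(fullyDecode(url));
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: benign, plain, single-encoded and double-encoded 'b'.
        String base = "jdbc:mysql://db.example.internal:3306/app?";
        for (String q : List.of("useSSL=true", "blockedParam1=1",
                "%62lockedParam1=1", "%2562lockedParam1=1")) {
            System.out.printf("%-24s naive=%-5b strict=%b%n",
                    q, naiveAllows(base + q), strictAllows(base + q));
        }
    }
}
```

The `URLDecoder.decode(String, Charset)` overload needs Java 10 or later. The double-encoded input is the only one the two checks disagree on: the single-pass check accepts it, the full-decode check rejects it.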

Impact