linkis-entrance is vulnerable to remote code execution. The vulnerability exists in the onProgressUpdate function of QueryPersistenceManager.java, allowing an attacker who has write access to the database to inject and execute malicious query parameters by configuring a JDBC EC with a MySQL data source that carries malicious parameters.