In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.
We recommend users upgrade the version of Linkis to version 1.3.2.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8 | Mailing List Vendor Advisory |
https://www.openwall.com/lists/oss-security/2023/04/10/2 | Mailing List |
Configurations
History
14 Apr 2023, 19:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-10 08:15
Updated : 2024-10-22 16:35
NVD link : CVE-2023-27603
Mitre link : CVE-2023-27603
CVE.ORG link : CVE-2023-27603
JSON object : View
Products Affected
apache
- linkis
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')