CVE-2023-27603

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*

History

14 Apr 2023, 19:45

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-10 08:15

Updated : 2024-10-22 16:35


NVD link : CVE-2023-27603

Mitre link : CVE-2023-27603

CVE.ORG link : CVE-2023-27603


JSON object : View

Products Affected

apache

  • linkis
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')