CVE-2023-27602

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2.  For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:linkis:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-10 08:15

Updated : 2024-10-22 16:35


NVD link : CVE-2023-27602

Mitre link : CVE-2023-27602

CVE.ORG link : CVE-2023-27602


JSON object : View

Products Affected

apache

  • linkis
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type