In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.
We recommend users upgrade the version of Linkis to version 1.3.2.
For versions
<=1.3.1, we suggest turning on the file path check switch in linkis.properties
`wds.linkis.workspace.filesystem.owner.check=true`
`wds.linkis.workspace.filesystem.path.check=true`
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/10/1 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2023/04/18/4 | |
http://www.openwall.com/lists/oss-security/2023/04/19/3 | |
https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1 | Mailing List Vendor Advisory |
Configurations
History
No history.
Information
Published : 2023-04-10 08:15
Updated : 2024-10-22 16:35
NVD link : CVE-2023-27602
Mitre link : CVE-2023-27602
CVE.ORG link : CVE-2023-27602
JSON object : View
Products Affected
apache
- linkis
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type