In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.


We recommend users upgrade the version of Linkis to version 1.3.2.



Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 22 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-10-22T15:24:50.114Z

Reserved: 2023-03-04T10:49:03.741Z

Link: CVE-2023-27603

cve-icon Vulnrichment

Updated: 2024-08-02T12:16:36.515Z

cve-icon NVD

Status : Modified

Published: 2023-04-10T08:15:07.133

Modified: 2024-11-21T07:53:14.660

Link: CVE-2023-27603

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.