Critical severityNVD Advisory· Published Apr 10, 2023· Updated Feb 13, 2025
Apache Linkis publicsercice module unrestricted upload of file
CVE-2023-27602
Description
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.
We recommend users upgrade the version of Linkis to version 1.3.2.
For versions
<=1.3.1, we suggest turning on the file path check switch in linkis.properties
wds.linkis.workspace.filesystem.owner.check=true wds.linkis.workspace.filesystem.path.check=true
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.linkis:linkisMaven | < 1.3.2 | 1.3.2 |
Affected products
2- Apache Software Foundation/Apache Linkisv5Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-x84r-jrqm-3hj8ghsaADVISORY
- lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1ghsamailing-listvendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-27602ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/04/10/1ghsaWEB
- www.openwall.com/lists/oss-security/2023/04/18/4ghsaWEB
- www.openwall.com/lists/oss-security/2023/04/19/3ghsaWEB
News mentions
0No linked articles in our index yet.