We found results for “”
CVE-2023-27602
Good to know:
Date: April 10, 2023
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`
Language: Java
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Unrestricted Upload of File with Dangerous Type
CWE-434Top Fix
Upgrade Version
Upgrade to version org.apache.linkis:linkis-storage-script-dev-server:1.3.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |