CVE-2023-27603
published 2023-04-10CVE-2023-27603: In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.
We recommend users upgrade the version of Linkis to version 1.3.2.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | linkis | <= 1.3.1 | — |
| apache_software_foundation | apache_linkis | <= 1.3.1 | — |