Security Advisory

CVE-2023-27602

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-10 07:36:28

Last updated 2025-02-13 16:45:29

Assigner apache

State PUBLISHED

Description

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`

← Browse all CVEs View on cve.org ↗