CVE-2023-27602 Information

Description

In Apache Linkis <=1.3.1 The PublicService module uploads files without restrictions on the path to the uploaded files and file types.

We recommend users upgrade the version of Linkis to version 1.3.2. 

For versions

<=1.3.1 we suggest turning on the file path check switch in linkis.properties

wds.linkis.workspace.filesystem.owner.check=true wds.linkis.workspace.filesystem.path.check=true

Reference

https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1 http://www.openwall.com/lists/oss-security/2023/04/10/1