Описание
Apache Linkis Zip Slip issue
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.
We recommend users upgrade the version of Linkis to version 1.3.2.
Пакеты
Наименование
org.apache.linkis:linkis
maven
Затронутые версииВерсия исправления
< 1.3.2
1.3.2
Связанные уязвимости
CVSS3: 9.8
nvd
почти 3 года назад
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.