CVE-2023-27603: Apache Linkis Zip Slip issue

July 6, 2023 (updated October 22, 2024)

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.

We recommend users upgrade the version of Linkis to version 1.3.2.

References

github.com/advisories/GHSA-pj5j-w7mw-w797
github.com/apache/linkis
lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8
nvd.nist.gov/vuln/detail/CVE-2023-27603
www.openwall.com/lists/oss-security/2023/04/10/2

Detect and mitigate CVE-2023-27603 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →