Lookup for vulnerable packages by Package URL.
| Purl | pkg:maven/org.apache.linkis/linkis@1.3.2 |
|---|
| Type | maven |
|---|
| Namespace | org.apache.linkis |
|---|
| Name | linkis |
|---|
| Version | 1.3.2 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 1.3.2 |
|---|
| Latest_non_vulnerable_version | 1.8.0 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-4tk2-kdjk-23a1 |
| vulnerability_id |
VCID-4tk2-kdjk-23a1 |
| summary |
Apache Linkis Unrestricted File Upload vulnerability
In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.
We recommend users upgrade the version of Linkis to version 1.3.2.
For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties
`wds.linkis.workspace.filesystem.owner.check=true`
`wds.linkis.workspace.filesystem.path.check=true` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-27602, GHSA-x84r-jrqm-3hj8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tk2-kdjk-23a1 |
|
| 1 |
| url |
VCID-9x73-dsqh-zybf |
| vulnerability_id |
VCID-9x73-dsqh-zybf |
| summary |
Apache Linkis Authentication Bypass vulnerability
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.
We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-27987, GHSA-4x5h-xmv4-99wx
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9x73-dsqh-zybf |
|
| 2 |
| url |
VCID-d6jw-6tf4-4kec |
| vulnerability_id |
VCID-d6jw-6tf4-4kec |
| summary |
Apache Linkis Zip Slip issue
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.
We recommend users upgrade the version of Linkis to version 1.3.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-27603, GHSA-pj5j-w7mw-w797
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6jw-6tf4-4kec |
|
| 3 |
| url |
VCID-k2nt-5799-zfcq |
| vulnerability_id |
VCID-k2nt-5799-zfcq |
| summary |
Apache Linkis DatasourceManager module has deserialization vulnerability
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their version of Linkis to version 1.3.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-29216, GHSA-rrhf-32rq-f28h
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k2nt-5799-zfcq |
|
| 4 |
| url |
VCID-up1e-7r5s-jbgr |
| vulnerability_id |
VCID-up1e-7r5s-jbgr |
| summary |
Apache Linkis JDBC EngineConn has deserialization vulnerability
In Apache Linkis <=1.3.1, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a
deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be block listed. Versions of Apache Linkis <= 1.3.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.3.2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-29215, GHSA-qm2h-m799-86rc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-up1e-7r5s-jbgr |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2 |
|---|