{"url":"http://public2.vulnerablecode.io/api/packages/63391?format=json","purl":"pkg:maven/org.apache.linkis/linkis@1.3.2","type":"maven","namespace":"org.apache.linkis","name":"linkis","version":"1.3.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.5.0","latest_non_vulnerable_version":"1.8.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17996?format=json","vulnerability_id":"VCID-4tk2-kdjk-23a1","summary":"Apache Linkis Unrestricted File Upload vulnerability\nIn Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types.\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.\n\nFor versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties\n\n`wds.linkis.workspace.filesystem.owner.check=true`\n`wds.linkis.workspace.filesystem.path.check=true`","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27602","reference_id":"","reference_type":"","scores":[{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.80078","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27602"},{"reference_url":"https://github.com/apache/linkis","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/linkis"},{"reference_url":"https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/"}],"url":"https://lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/10/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/10/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/18/4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/18/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/19/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/19/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27602","reference_id":"CVE-2023-27602","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27602"},{"reference_url":"https://github.com/advisories/GHSA-x84r-jrqm-3hj8","reference_id":"GHSA-x84r-jrqm-3hj8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x84r-jrqm-3hj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63391?format=json","purl":"pkg:maven/org.apache.linkis/linkis@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2"}],"aliases":["CVE-2023-27602","GHSA-x84r-jrqm-3hj8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tk2-kdjk-23a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18003?format=json","vulnerability_id":"VCID-9x73-dsqh-zybf","summary":"Apache Linkis Authentication Bypass vulnerability\nIn Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values.\n\nWe recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27987","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47743","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27987"},{"reference_url":"https://github.com/apache/linkis","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/linkis"},{"reference_url":"https://linkis.apache.org/docs/latest/auth/token","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://linkis.apache.org/docs/latest/auth/token"},{"reference_url":"https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T20:20:28Z/"}],"url":"https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/04/10/3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T20:20:28Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/04/10/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27987","reference_id":"CVE-2023-27987","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27987"},{"reference_url":"https://github.com/advisories/GHSA-4x5h-xmv4-99wx","reference_id":"GHSA-4x5h-xmv4-99wx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4x5h-xmv4-99wx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63391?format=json","purl":"pkg:maven/org.apache.linkis/linkis@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2"}],"aliases":["CVE-2023-27987","GHSA-4x5h-xmv4-99wx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x73-dsqh-zybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17991?format=json","vulnerability_id":"VCID-d6jw-6tf4-4kec","summary":"Apache Linkis Zip Slip issue\nIn Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.\n\n\nWe recommend users upgrade the version of Linkis to version 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27603","reference_id":"","reference_type":"","scores":[{"value":"0.00941","scoring_system":"epss","scoring_elements":"0.76572","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27603"},{"reference_url":"https://github.com/apache/linkis","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/linkis"},{"reference_url":"https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:22:15Z/"}],"url":"https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/04/10/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:22:15Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/04/10/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27603","reference_id":"CVE-2023-27603","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27603"},{"reference_url":"https://github.com/advisories/GHSA-pj5j-w7mw-w797","reference_id":"GHSA-pj5j-w7mw-w797","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pj5j-w7mw-w797"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63391?format=json","purl":"pkg:maven/org.apache.linkis/linkis@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2"}],"aliases":["CVE-2023-27603","GHSA-pj5j-w7mw-w797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6jw-6tf4-4kec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17312?format=json","vulnerability_id":"VCID-k2nt-5799-zfcq","summary":"Apache Linkis DatasourceManager module has deserialization vulnerability\nIn Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their version of Linkis to version 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29216","reference_id":"","reference_type":"","scores":[{"value":"0.04863","scoring_system":"epss","scoring_elements":"0.89712","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29216"},{"reference_url":"https://github.com/apache/linkis","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/linkis"},{"reference_url":"https://linkis.apache.org/download/release-notes-1.3.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://linkis.apache.org/download/release-notes-1.3.2"},{"reference_url":"https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:20:54Z/"}],"url":"https://lists.apache.org/thread/18vv0m32oy51nzk8tbz13qdl5569y55l"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/10/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:20:54Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/10/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29216","reference_id":"CVE-2023-29216","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29216"},{"reference_url":"https://github.com/advisories/GHSA-rrhf-32rq-f28h","reference_id":"GHSA-rrhf-32rq-f28h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rrhf-32rq-f28h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63391?format=json","purl":"pkg:maven/org.apache.linkis/linkis@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2"}],"aliases":["CVE-2023-29216","GHSA-rrhf-32rq-f28h"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2nt-5799-zfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17305?format=json","vulnerability_id":"VCID-up1e-7r5s-jbgr","summary":"Apache Linkis JDBC EngineConn has deserialization vulnerability\nIn Apache Linkis <=1.3.1, due to the lack of effective filtering\nof parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a\ndeserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be block listed. Versions of Apache Linkis <= 1.3.0 will be affected.\nWe recommend users upgrade the version of Linkis to version 1.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29215","reference_id":"","reference_type":"","scores":[{"value":"0.04863","scoring_system":"epss","scoring_elements":"0.89712","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29215"},{"reference_url":"https://github.com/apache/linkis","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/linkis"},{"reference_url":"https://github.com/apache/linkis/commit/7005c01d7f7bca78322447f4f2f32b8398645687","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/linkis/commit/7005c01d7f7bca78322447f4f2f32b8398645687"},{"reference_url":"https://linkis.apache.org/download/release-notes-1.3.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://linkis.apache.org/download/release-notes-1.3.2"},{"reference_url":"https://lists.apache.org/thread/o682wz1ggq491ybvjwokxvcdtnzo76ls","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:26:45Z/"}],"url":"https://lists.apache.org/thread/o682wz1ggq491ybvjwokxvcdtnzo76ls"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/10/4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:26:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/10/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29215","reference_id":"CVE-2023-29215","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29215"},{"reference_url":"https://github.com/advisories/GHSA-qm2h-m799-86rc","reference_id":"GHSA-qm2h-m799-86rc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qm2h-m799-86rc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63391?format=json","purl":"pkg:maven/org.apache.linkis/linkis@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2"}],"aliases":["CVE-2023-29215","GHSA-qm2h-m799-86rc"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-up1e-7r5s-jbgr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.linkis/linkis@1.3.2"}