Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-pj5j-w7mw-w797: Apache Linkis Zip Slip issue

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.

We recommend users upgrade the version of Linkis to version 1.3.2.

ghsa
#vulnerability#apache#git#rce

Apache Linkis Zip Slip issue

Critical severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Related news

CVE-2023-33544: Path Traversal when unzip zip file · Issue #2832 · hawtio/hawtio

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.

CVE-2023-27603

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.