In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.

We recommend users upgrade the version of Linkis to version 1.3.2.

Affected Packages

Maven org.apache.linkis:linkis

Affected versions: 0 (fixed in 1.3.2)

Related CVEs

CVE-2023-27603

Key Information

GHSA ID

GHSA-pj5j-w7mw-w797

Published

July 6, 2023 7:24 PM

Last Modified

October 22, 2024 7:05 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.linkis:linkis

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.