CVE-2023-27603

CRITICAL

Apache Linkis <=1.3.1 - Path Traversal via Zip Slip in EngineConn Material Upload

Title source: llm

Description

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.

References (2)

Core 2

Core References

Mailing List

https://www.openwall.com/lists/oss-security/2023/04/10/2

Mailing List, Vendor Advisory mailing-list vendor-advisory

https://lists.apache.org/thread/6n1vlvnyn441rm02zdqc0wnpckj8ltn8

Scores

CVSS v3 9.8

EPSS 0.0094

EPSS Percentile 76.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-22

Status published

Products (2)

apache/linkis < 1.3.1

org.apache.linkis/linkis 0 - 1.3.2Maven

Published Apr 10, 2023

Tracked Since Feb 18, 2026