What is the severity of CVE-2023-27603?

CVE-2023-27603 is classified as a potential remote code execution (RCE) vulnerability due to a Zip Slip issue.

How do I fix CVE-2023-27603?

To remediate CVE-2023-27603, users should upgrade Apache Linkis to version 1.3.2 or later.

Which versions of Apache Linkis are affected by CVE-2023-27603?

CVE-2023-27603 affects all versions of Apache Linkis up to and including 1.3.1.

What is a Zip Slip issue in the context of CVE-2023-27603?

A Zip Slip issue occurs when an application extracts files from a zip archive without properly validating the file paths, potentially leading to unauthorized file system access.

What type of applications are vulnerable due to CVE-2023-27603?

Applications using Apache Linkis versions 1.3.1 or earlier that handle ZIP file extraction incorrectly are vulnerable to CVE-2023-27603.

Vulnerability/
CVE-2023-27603

critical

9.8

CWE

22 434

10/4/2023

6/7/2023

22/10/2024

CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue

First published: Mon Apr 10 2023(Updated: )

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Linkis	<=1.3.1
maven/org.apache.linkis:linkis	<1.3.2	1.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-27603?
CVE-2023-27603 is classified as a potential remote code execution (RCE) vulnerability due to a Zip Slip issue.
How do I fix CVE-2023-27603?
To remediate CVE-2023-27603, users should upgrade Apache Linkis to version 1.3.2 or later.
Which versions of Apache Linkis are affected by CVE-2023-27603?
CVE-2023-27603 affects all versions of Apache Linkis up to and including 1.3.1.
What is a Zip Slip issue in the context of CVE-2023-27603?
A Zip Slip issue occurs when an application extracts files from a zip archive without properly validating the file paths, potentially leading to unauthorized file system access.
What type of applications are vulnerable due to CVE-2023-27603?
Applications using Apache Linkis versions 1.3.1 or earlier that handle ZIP file extraction incorrectly are vulnerable to CVE-2023-27603.

collector/nvd-index
agent/type
agent/title
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-pj5j-w7mw-w797
alias/CVE-2023-27603
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/description
agent/event
agent/softwarecombine
collector/nvd-cve
collector/github-advisory
agent/trending
agent/tags
agent/source
vendor/apache
canonical/apache linkis
version/apache linkis/1.3.1
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.