Skip to content

Apache Linkis arbitrary file deletion vulnerability

Moderate severity GitHub Reviewed Published Aug 2, 2024 to the GitHub Advisory Database • Updated Aug 16, 2024

Package

maven org.apache.linkis:linkis (Maven)

Affected versions

< 1.6.0

Patched versions

1.6.0

Description

In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

References

Published by the National Vulnerability Database Aug 2, 2024
Published to the GitHub Advisory Database Aug 2, 2024
Reviewed Aug 2, 2024
Last updated Aug 16, 2024

Severity

Moderate

EPSS score

0.062%
(28th percentile)

Weaknesses

CVE ID

CVE-2024-27182

GHSA ID

GHSA-j6vx-r77h-44wc

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.