CVE-2024-27182
Apache Linkis arbitrary file deletion vulnerability
CVSS 3.1: 4.9 (MEDIUM)
EPSS: 0.31%
Description
In Apache Linkis <= 1.5.0, an arbitrary file deletion vulnerability in the Basic management services allows a user with an administrator account to delete any file accessible to the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
How to fix CVE-2024-27182
To remediate CVE-2024-27182, upgrade the affected package to a fixed version below.
- Upgrade to 1.6.0 or later
Is CVE-2024-27182 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.6.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |