org.apache.linkis:linkis-storage-script-dev-server is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate the uploaded file paths, and file types, allowing an attacker to bypass restrictions and upload malicious files to the server.
www.openwall.com/lists/oss-security/2023/04/10/1
www.openwall.com/lists/oss-security/2023/04/18/4
www.openwall.com/lists/oss-security/2023/04/19/3
github.com/apache/linkis/commit/8244bd1c3d49a7528085a9357ab6976287cf51ac
github.com/apache/linkis/pull/4366
lists.apache.org/thread/wt70jfc0yfs6s5g0wg5dr5klnc48nsp1