CRLF Injection Affecting com.webank.wedatasphere.linkis:linkis-workspace Open this link in a new tab package, versions [0,]
Attack Complexity
High
Confidentiality
High
Integrity
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-JAVA-COMWEBANKWEDATASPHERELINKIS-572722
-
published
18 Jun 2020
-
disclosed
18 Jun 2020
-
credit
yangzhiyue
Introduced: 18 Jun 2020
CWE-93 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
com.webank.wedatasphere.linkis:linkis-workspace is a package that easily connect to various back-end computation/storage engines(Spark, Python, TiDB...), exposes various interfaces(REST, JDBC, Java ...), with multi-tenancy, high performance, and resource control.
Affected versions of this package are vulnerable to CRLF Injection via the download
function.