CRLF Injection Affecting com.webank.wedatasphere.linkis:linkis-workspace Open this link in a new tab package, versions [0,]

Attack Complexity

High
Confidentiality

High
Integrity

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-COMWEBANKWEDATASPHERELINKIS-572722
published

18 Jun 2020
disclosed

18 Jun 2020
credit

yangzhiyue

Report a new vulnerability Found a mistake?

Introduced: 18 Jun 2020

CWE-93 Open this link in a new tab

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

com.webank.wedatasphere.linkis:linkis-workspace is a package that easily connect to various back-end computation/storage engines(Spark, Python, TiDB...), exposes various interfaces(REST, JDBC, Java ...), with multi-tenancy, high performance, and resource control.

Affected versions of this package are vulnerable to CRLF Injection via the download function.

References

GitHub PR

CRLF Injection Affecting com.webank.wedatasphere.linkis:linkis-workspace Open this link in a new tab package, versions [0,]

Attack Complexity

Confidentiality

Integrity

snyk-id

published

disclosed

credit

Introduced: 18 Jun 2020

How to fix?

Overview

References