Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file

[peacewong <peacewong () apache org>]

Hi  Seth Arnold,
    Thank you for your reply, I will modify the content according to the
process

Best Regards,
Peace Wong

Seth Arnold <seth.arnold () canonical com> 于2023年4月18日周二 09:27写道：

> On Mon, Apr 10, 2023 at 06:14:37AM +0000, Heping Wang wrote:
> > https://linkis.apache.org
> > https://www.cve.org/CVERecord?id=CVE-2023-27602
>
> Hello Heping, thanks for contacting the oss-security mail list about this
> security issue in an Apache project.
>
> I'd like to suggest that your email would be far more useful if
> it included some details like affected versions: ideally, when a
> vulnerability was introduced, and definitely, when it was fixed, if a
> fix is available. Best would be a direct link to a patch in a source
> control system, or attaching the patch directly.
>
> This particular email has very few details and no references for a fix so
> it is very difficult for anyone to take concrete actions.
>
> Here's two recent postings that are far easier for downstream distributors
> and consumers alike to use:
> https://www.openwall.com/lists/oss-security/2023/04/04/1
> https://www.openwall.com/lists/oss-security/2023/03/21/3
>
> I'd like to encourage Apache to use these as inspiration for future
> oss-security postings.
>
> Thanks