
Laihan

#14207 of 53,632
18.9 CVSS total
Vulnerabilities · 2
Critical
2
PT-2023-21243
9.8
2023-04-10
Apache · Apache Linkis · CVE-2023-27602
**Name of the Vulnerable Software and Affected Versions**
Apache Linkis versions <=1.3.1

**Description**
The PublicService module in Apache Linkis accepts file uploads without restricting the destination path or the file type.

**Recommendations**
For versions <=1.3.1, upgrade to version 1.3.2.
For versions <=1.3.1, turn on the file path check switch in linkis.properties by setting `wds.linkis.workspace.filesystem.owner.check=true` and `wds.linkis.workspace.filesystem.path.check=true`.
PT-2023-21469
9.1
2023-04-10
Apache · Apache Linkis · CVE-2023-27987
**Name of the Vulnerable Software and Affected Versions**
Apache Linkis versions 1.3.1 and earlier

**Description**
The default token generated by a Linkis Gateway deployment is too simple, which makes it easy for attackers to obtain the default token and use it in an attack. The token generation rules should add random values.

**Recommendations**
For Apache Linkis versions 1.3.1 and earlier, upgrade Linkis to version 1.3.2 and modify the default token value.
As a temporary workaround, consider modifying the default token value to add random values until a patch is available.
Restrict access to the default token to minimize the risk of exploitation.