CVE-2024-27182: 
Java vulnerability analysis and mitigation

Apache Linkis versions 1.3.2 through 1.5.0 contain an arbitrary file deletion vulnerability in the Basic management services component. The vulnerability, identified as CVE-2024-27182, was discovered and disclosed in August 2024, affecting the engine material management functionality (NVD, Security Online).

The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. It is classified under CWE-552 (Files or Directories Accessible to External Parties). The vulnerability allows users with administrator privileges to delete any file that is accessible by the Linkis system user (NVD).

The vulnerability could lead to unauthorized file deletion within the system, potentially causing data loss or disruption of critical operations. Any file accessible by the Linkis system user could be deleted by an administrator account, which could significantly impact system integrity and availability (Security Online).

Users are strongly recommended to upgrade to Apache Linkis version 1.6.0, which contains the fix for this vulnerability. This is the primary and most effective mitigation strategy provided by the vendor (OSS Security, Apache Advisory).