CVE-2020-17518

Path Traversal in maven/org.apache.flink/flink-metrics-core

Identifier

CVE-2020-17518

Package Slug

maven/org.apache.flink/flink-metrics-core

Vulnerability

Path Traversal

Description

Apache Flink introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP header. The files can be written to any location accessible by Flink. All users whose Flink instance(s) are exposed should upgrade. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.
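The bug class described above, shown as an added illustration that is not Flink's code or its fix commit: an upload handler that resolves a client-supplied filename directly, next to one that keeps only the final path element and checks containment. The class name, method names and sample filenames are assumptions constructed for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Illustrative only: hypothetical helper, not part of Apache Flink.
public class UploadPathCheck {

    // Vulnerable pattern: the client-supplied filename is resolved as-is,
    // so "../" segments or an absolute path decide where the file lands.
    static Path resolveUnsafe(Path uploadDir, String clientFilename) {
        return uploadDir.resolve(clientFilename).normalize();
    }

    // Hardened pattern: keep only the last path element, then confirm the
    // normalized destination is still inside the upload directory.
    static Path resolveSafe(Path uploadDir, String clientFilename) throws IOException {
        Path base = uploadDir.toAbsolutePath().normalize();
        // Treat both '/' and '\' as separators regardless of the host OS.
        String name = clientFilename.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IOException("rejected upload filename");
        }
        Path dest = base.resolve(name).normalize();
        if (!dest.startsWith(base)) {
            throw new IOException("destination escapes upload directory");
        }
        return dest;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("upload-demo").toAbsolutePath().normalize();
        // Constructed sample filenames, as they might arrive in a multipart header.
        String[] samples = {"job.jar", "../../outside/job.jar", "/tmp/abs.jar", "..\\..\\win.jar", ".."};
        for (String s : samples) {
            boolean unsafeInside = resolveUnsafe(base, s).startsWith(base);
            String safe;
            try {
                safe = base.relativize(resolveSafe(base, s)).toString();
            } catch (IOException e) {
                safe = "REJECTED: " + e.getMessage();
            }
            System.out.printf("%-24s unsafe stays inside: %-5b safe: %s%n", s, unsafeInside, safe);
        }
    }
}
```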

Affected Versions

All versions starting from 1.5.1 before 1.11.3

Solution

Upgrade to version 1.11.3 or above.

Last Modified

2021-01-12
