[CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[CVE-2020-17518] Apache Flink directory traversal attack: remote file writing through the REST API

rmetzger0
CVE-2020-17518: Apache Flink directory traversal attack: remote file writing through the REST API

Vendor:
The Apache Software Foundation

Versions Affected:
1.5.1 to 1.11.2

Description:
Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1.

Mitigation:
All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed.
The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.

Credits:
This issue was discovered by 0rich1 of Ant Security FG Lab