admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2020-17518

Browse Source
This commit is contained in:
tardc 2021-01-06 17:40:06 +08:00
parent 6ce63806b4
commit 6720ff67f6
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Flink/CVE-2020-17518/CVE-2020-17518.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 606 KiB

9
Flink/CVE-2020-17518/README.md Normal file
View File

@ -0,0 +1,9 @@
# CVE-2020-17518 Apache Flink File Upload
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.
**[FOFA](https://fofa.so/result?q=app%3D%22Apache+Flink%22&qbase64=YXBwPSJBcGFjaGUgRmxpbmsi) query rule**: app="Apache Flink"
# Demo
![](CVE-2020-17518.gif)