CVE-2020-17518
Description
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.
- CVSS Version 3.1
- CVSS Version 2.0
nvd
CVE ID: CVE-2020-17518
Base Score: 7.5
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
nvd
CVE ID: CVE-2020-17518
Base Score: 5.0
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:N/C:N/I:P/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-17518
Refrence: Project Discovery GitHub
QmF0c3UK
Refrence: GitHub
murataydemir
[CVE-2020-17518] Apache Flink RESTful API Arbitrary File Upload via Directory Traversal
Refrence: GitHub
rakjong
利用Apache Flink CVE-2020-17518 getshell
Refrence: GitHub
Content on GitHub
zhzyker | watchers:3383
vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Refrence: GitHub
Refrence: NVD