CVE-2020-17518

Description

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.

NVD
Severity: HIGH
CVE ID: CVE-2020-17518
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-17518

Refrence: Project Discovery GitHub

QmF0c3UK

Refrence: GitHub

murataydemir

[CVE-2020-17518] Apache Flink RESTful API Arbitrary File Upload via Directory Traversal

Refrence: GitHub

rakjong

利用Apache Flink CVE-2020-17518 getshell

Refrence: GitHub

Content on GitHub

zhzyker | watchers:3278

vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub