PT-2023-28114 · Apache · Apache Flink Stateful Functions

Andrea Cosentino · Published 2023-09-19 · Updated 2023-09-22 · CVE-2023-41834

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Flink Stateful Functions versions 3.1.0 through 3.2.0

Description

The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser.

Recommendations

For Apache Flink Stateful Functions versions 3.1.0 through 3.2.0, users should upgrade to Apache Flink Stateful Functions version 3.3.0.

Fix

Special Elements Injection


Weakness Enumeration

Related identifiers

CVE-2023-41834

Affected products

Apache Flink Stateful Functions