Apache · Apache Flink · CVE-2020-17518
Name of the Vulnerable Software and Affected Versions:
Apache Flink versions 1.5.1
Description:
A REST handler in Apache Flink allows an uploaded file to be written to an arbitrary location on the local file system by means of a maliciously modified HTTP header. Files can be written to any location accessible by the software.
Recommendations:
For Apache Flink version 1.5.1, upgrade to Flink 1.11.3 or 1.12.0, especially if the Flink instance is exposed.
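The kind of destination check that prevents the file write described above, as an added example that is not Apache Flink's code or the project's fix. The class and method names, the sample file names and the temporary upload directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical illustration class; not taken from Apache Flink.
public class UploadPathCheck {

    // Unsafe pattern: the client-supplied name is resolved as-is, so parent-directory
    // segments or an absolute path move the destination outside uploadDir.
    static Path unsafeDestination(Path uploadDir, String suppliedName) {
        return uploadDir.resolve(suppliedName).toAbsolutePath().normalize();
    }

    // Hardened pattern: keep only the final name element, then verify containment.
    static Path safeDestination(Path uploadDir, String suppliedName) throws IOException {
        if (suppliedName == null || suppliedName.indexOf('\0') >= 0) {
            throw new IOException("rejected upload file name");
        }
        // Treat '\' and '/' both as separators, whatever the host OS is.
        String unified = suppliedName.replace('\\', '/');
        String base = unified.substring(unified.lastIndexOf('/') + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IOException("rejected upload file name");
        }
        Path root = uploadDir.toAbsolutePath().normalize();
        Path dest = root.resolve(base).normalize();
        // Defence in depth: the result must be a strict child of the upload directory.
        if (!dest.startsWith(root) || dest.equals(root)) {
            throw new IOException("upload path escapes upload directory");
        }
        return dest;
    }

    public static void main(String[] args) throws IOException {
        Path uploadDir = Files.createTempDirectory("upload-example");
        Path root = uploadDir.toAbsolutePath().normalize();
        // Constructed sample names, as a client might place them in a request header.
        String[] samples = {"job.jar", "../../outside.jar", "/tmp/abs.jar", "..", "dir\\..\\b.jar"};
        for (String name : samples) {
            boolean escapes = !unsafeDestination(uploadDir, name).startsWith(root);
            String safe;
            try {
                safe = root.relativize(safeDestination(uploadDir, name)).toString();
            } catch (IOException e) {
                safe = "REJECTED (" + e.getMessage() + ")";
            }
            System.out.printf("%-20s unsafe escapes=%-5b safe=%s%n", name, escapes, safe);
        }
    }
}
```

The same containment test can be applied when reviewing any handler that derives a write path from request data: the normalized destination must remain a strict child of the intended directory.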