PT-2023-28114 · Apache · Apache Flink Stateful Functions
Andrea Cosentino
·
Published
2023-09-19
·
Updated
2023-09-22
·
CVE-2023-41834
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Flink Stateful Functions versions 3.1.0 through 3.2.0
Description
The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser.
Recommendations
For Apache Flink Stateful Functions versions 3.1.0 through 3.2.0, users should upgrade to Apache Flink Stateful Functions version 3.3.0.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Flink Stateful Functions