CVE编号
CVE-2020-17518利用情况
漏洞武器化补丁情况
官方补丁披露时间
2021-01-06漏洞描述
Flink核心是一个流式的数据流执行引擎,其针对数据流的分布式计算提供了数据分布、数据通信以及容错机制等功能。Flink 1.5.1引入了REST API,但其实现上存在多处缺陷,导致目录遍历和任意文件写入漏洞,风险较大。解决建议
升级至安全版本。
参考链接 |
|
|---|---|
| http://www.openwall.com/lists/oss-security/2021/01/05/1 | |
| https://lists.apache.org/thread.html/r0b000dc028616d33cb9aa388eb45d516b789cab... | |
| https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd... | |
| https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45d... | |
| https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5... | |
| https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac... | |
| https://lists.apache.org/thread.html/r4a87837518804b31eb9db3048347ed2bb7b46fb... | |
| https://lists.apache.org/thread.html/r5444acac3407ef6397d6aef1b5aec2db53b4b88... | |
| https://lists.apache.org/thread.html/r705fb2211b82c9f1f8d2b1d4c823bcbca50402b... | |
| https://lists.apache.org/thread.html/r710693b0d3b229c81f485804ea1145b4edda79c... | |
| https://lists.apache.org/thread.html/r7b2ee88c66fc1d0823e66475631f5c3e7f03652... | |
| https://lists.apache.org/thread.html/r8167f30c4c60a11b8d5be3f55537beeda629be6... | |
| https://lists.apache.org/thread.html/r88200d2f0b620c6b4b1585a7171355005c89e67... | |
| https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86b... | |
| https://lists.apache.org/thread.html/ra8c96bf3ccb4e491f9ce87ba35f134b4449beb2... | |
| https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec... | |
| https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec... | |
| https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec... | |
| https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec... | |
| https://lists.apache.org/thread.html/rcb9e8af775f2a3706b69153aefde78f20887164... | |
| https://lists.apache.org/thread.html/rd2467344f88bcaf108b8209ca92da8ec393c681... | |
| https://lists.apache.org/thread.html/rd6a1a0e2d73220a65a8f6535bbcd24bb66adb0d... | |
| https://lists.apache.org/thread.html/rec0d650fbd4ea1a5e1224a347d83a63cb44291c... | |
| https://lists.apache.org/thread.html/rf8812a5703f4a5f1341138baf239258b2508756... | |
| https://lists.apache.org/thread.html/rfe159ccf496d75813f24c6079c5d33872d83f5a... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | flink | * |
From (including) 1.5.1 |
Up to (excluding) 1.11.3 |
||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 越权影响
- EXP成熟度 漏洞武器化
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 1000
还没有评论,来说两句吧...