You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "nate (Jira)" <ji...@apache.org> on 2021/01/11 02:17:00 UTC
[jira] [Updated] (FLINK-20916) Typo in test for CVE-2020-17519
[ https://issues.apache.org/jira/browse/FLINK-20916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
nate updated FLINK-20916:
-------------------------
Description:
The [testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath|https://github.com/apache/flink/blob/b561010b0ee741543c3953306037f00d7a9f0801/flink-runtime/src/test/java/org/apache/flink/runtime/rest/handler/cluster/JobManagerCustomLogHandlerTest.java#L149] test for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately test for the vuln.
It uses for format string "..%%252%s" when it should be "..%%252f%s".
was:
The testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath test for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately test for the vuln.
It uses for format string "..%%252%s" when it should be "..%%252f%s".
> Typo in test for CVE-2020-17519
> -------------------------------
>
> Key: FLINK-20916
> URL: https://issues.apache.org/jira/browse/FLINK-20916
> Project: Flink
> Issue Type: Bug
> Components: Runtime / REST
> Reporter: nate
> Priority: Trivial
>
>
> The [testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath|https://github.com/apache/flink/blob/b561010b0ee741543c3953306037f00d7a9f0801/flink-runtime/src/test/java/org/apache/flink/runtime/rest/handler/cluster/JobManagerCustomLogHandlerTest.java#L149] test for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately test for the vuln.
> It uses for format string "..%%252%s" when it should be "..%%252f%s".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)