You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Chesnay Schepler (Jira)" <ji...@apache.org> on 2021/01/14 14:46:00 UTC
[jira] [Commented] (FLINK-20875) [CVE-2020-17518] Directory
traversal attack: remote file writing through the REST API
[ https://issues.apache.org/jira/browse/FLINK-20875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17264927#comment-17264927 ]
Chesnay Schepler commented on FLINK-20875:
------------------------------------------
master: a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4
1.11: 275cc3bed101b8acf924033d7ce3fdeb921a24ae
1.10: e87607367e13c6cae8d19032e260fd5aa526aeba
> [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API
> -------------------------------------------------------------------------------------
>
> Key: FLINK-20875
> URL: https://issues.apache.org/jira/browse/FLINK-20875
> Project: Flink
> Issue Type: Bug
> Components: Runtime / REST
> Affects Versions: 1.9.0
> Reporter: Wong Mulan
> Assignee: Robert Metzger
> Priority: Blocker
> Fix For: 1.12.0, 1.10.3, 1.11.3
>
>
> So many flink job of prod are running in version 1.10。
--
This message was sent by Atlassian Jira
(v8.3.4#803005)