You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Chesnay Schepler (Jira)" <ji...@apache.org> on 2021/01/14 14:46:00 UTC

[jira] [Commented] (FLINK-20875) [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API

    [ https://issues.apache.org/jira/browse/FLINK-20875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17264927#comment-17264927 ] 

Chesnay Schepler commented on FLINK-20875:
------------------------------------------

master: a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4
1.11: 275cc3bed101b8acf924033d7ce3fdeb921a24ae
1.10: e87607367e13c6cae8d19032e260fd5aa526aeba

> [CVE-2020-17518] Directory traversal attack: remote file writing through the REST API
> -------------------------------------------------------------------------------------
>
>                 Key: FLINK-20875
>                 URL: https://issues.apache.org/jira/browse/FLINK-20875
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / REST
>    Affects Versions: 1.9.0
>            Reporter: Wong Mulan
>            Assignee: Robert Metzger
>            Priority: Blocker
>             Fix For: 1.12.0, 1.10.3, 1.11.3
>
>
> So many flink job of prod are running in version 1.10。



--
This message was sent by Atlassian Jira
(v8.3.4#803005)