CNVD-2021-07119 — Vulnetix

CNVD-2021-07119 PUBLISHED

Apache Flink 是高效和分布式的通用数据处理平台。 Apache Flink产品存在任意文件写入漏洞，攻击者可以利用该漏洞读取服务器的敏感文件，借助硬编码凭证利用该漏洞对HMI配置文件进行读写操作并重置设备。

Affected Products

Vendor	Product	Versions
	Apache Flink

Exploit Intelligence

[CVE-2020-17518] Apache Flink RESTful API Arbitrary File Upload via Directory Traversal (github-poc-repo)
利用Apache Flink CVE-2020-17518 getshell (github-poc-repo)
利用Apache Flink CVE-2020-17518 getshell (github-poc)
[CVE-2020-17518] Apache Flink RESTful API Arbitrary File Upload via Directory Traversal (github-poc)
QmF0c3UK/CVE-2020-17518 (github-poc)
web_poc_map_v2.yaml (github-poc)
Nuclei Template: CVE-2020-17518 (nuclei-template)

Timeline

Jan 6, 2021 CVE ID Reserved
Jan 28, 2021 CVE Published

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›