by @mhzcyber
16 Apr 2023

CVE-2020-17519: Apache Flink Directory Traversal Vulnerability

CVEs

7.5 High Severity

Apps

Apache Flink
1.14.6.*
1.12.7.RC1
1.12.7.*
1.14.5.*
1.12.6.RC1
1.12.5.RC2
1.12.5.RC3
1.12.5.*
1.12.5.RC1
1.12.1.RC2

Summary

In this analysis, we break down CVE-2020-17519: how the directory traversal vulnerability happened, how Apache Flink decodes URL-encoded input, how it accesses and processes the requested file, and finally, through patch diffing, how the vulnerability was patched.
