CVE-2020-17519: Apache Flink Directory Traversal Vulnerability by vsociety

Mohammad Hussam Alzeyyat
2 min read · May 15, 2023

A directory traversal vulnerability in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2 has been found and registered as CVE-2020-17519.

The researcher introduces Apache Flink and what it is, with some graphs that explain it.

The write-up also includes Shodan data on the number of servers that use Apache Flink.

The researchers at vsociety explained:

  • Background story
  • Building the testing lab for this analysis, with an explanation of the setup
  • How to set up the debugger to debug the solution later
  • Reproducing the vulnerability, showing how to exploit it
  • Static analysis and code review
  • Dynamic analysis and debugging
  • Mitigation
  • Patch diffing
  • Final thoughts

Read the full blog here:

Check out vsociety here:

To join vsociety and get paid for such research, contact me on LinkedIn:

https://www.linkedin.com/in/mhzcyber/
