CVE-2020-17519: Apache Flink Directory Traversal Vulnerability by vsociety
May 15, 2023
A directory traversal vulnerability in Apache Flink versions 1.11.0, 1.11.1, and 1.11.2 has been found and registered as CVE-2020-17519.
The researcher describes what Apache Flink is and introduces some graphs that explain it.
The write-up also includes some Shodan data on the number of servers that use Apache Flink.
The researchers at vsociety explained:
- Background Story
- How they built the testing lab for this analysis
- How to set up the debugger to debug the solution later
- Reproducing the vulnerability and showing how to exploit it
- Performing static analysis and code review
- Performing dynamic analysis and debugging
- Mitigation
- Patch diffing
- Final thoughts