Show plain JSON{"id": "CVE-2020-17518", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-05T12:15:12.367", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/01/05/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r0b000dc028616d33cb9aa388eb45d516b789cab0024dad94bc06588a%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1%40%3Cdev.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4a87837518804b31eb9db3048347ed2bb7b46fbaad5844f22a9fd4dc%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r5444acac3407ef6397d6aef1b5aec2db53b4b88ef221e63084c1e5f2%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r705fb2211b82c9f1f8d2b1d4c823bcbca50402ba09b96608ec657efe%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r710693b0d3b229c81f485804ea1145b4edda79c9e77d66c39a0a2ff1%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r7b2ee88c66fc1d0823e66475631f5c3e7f0365204ff0cb094d9f2433%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r8167f30c4c60a11b8d5be3f55537beeda629be61196e693bde403b36%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r88200d2f0b620c6b4b1585a7171355005c89e678b01d0e71a16c57e7%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/ra8c96bf3ccb4e491f9ce87ba35f134b4449beb2a38d1ce28fd89001f%40%3Cdev.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cuser.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rcb9e8af775f2a3706b69153aefde78f208871649df057c70ce2e24f9%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd2467344f88bcaf108b8209ca92da8ec393c68174bfb8c27d1e20faa%40%3Cdev.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd6a1a0e2d73220a65a8f6535bbcd24bb66adb0d046c4a1aa18777cf3%40%3Cdev.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rec0d650fbd4ea1a5e1224a347d83a63cb44291c334ad58b8809bc23b%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rf8812a5703f4a5f1341138baf239258b250875699732cfdf9d55b21d%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rfe159ccf496d75813f24c6079c5d33872d83f5a2e39cb32c3aef5a73%40%3Cissues.flink.apache.org%3E", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2021/01/05/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r0b000dc028616d33cb9aa388eb45d516b789cab0024dad94bc06588a%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1%40%3Cdev.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r26fcdd4fe288323006253437ebc4dd6fdfadfb5e93465a0e4f68420d%40%3Cuser-zh.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r28f17e564950d663e68cc6fe75756012dda62ac623766bb9bc5e7034%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r4a87837518804b31eb9db3048347ed2bb7b46fbaad5844f22a9fd4dc%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r5444acac3407ef6397d6aef1b5aec2db53b4b88ef221e63084c1e5f2%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r705fb2211b82c9f1f8d2b1d4c823bcbca50402ba09b96608ec657efe%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r710693b0d3b229c81f485804ea1145b4edda79c9e77d66c39a0a2ff1%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r7b2ee88c66fc1d0823e66475631f5c3e7f0365204ff0cb094d9f2433%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r8167f30c4c60a11b8d5be3f55537beeda629be61196e693bde403b36%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r88200d2f0b620c6b4b1585a7171355005c89e678b01d0e71a16c57e7%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/ra8c96bf3ccb4e491f9ce87ba35f134b4449beb2a38d1ce28fd89001f%40%3Cdev.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cannounce.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cuser.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rcb9e8af775f2a3706b69153aefde78f208871649df057c70ce2e24f9%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rd2467344f88bcaf108b8209ca92da8ec393c68174bfb8c27d1e20faa%40%3Cdev.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rd6a1a0e2d73220a65a8f6535bbcd24bb66adb0d046c4a1aa18777cf3%40%3Cdev.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rec0d650fbd4ea1a5e1224a347d83a63cb44291c334ad58b8809bc23b%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rf8812a5703f4a5f1341138baf239258b250875699732cfdf9d55b21d%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rfe159ccf496d75813f24c6079c5d33872d83f5a2e39cb32c3aef5a73%40%3Cissues.flink.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master."}, {"lang": "es", "value": "Apache Flink versi\u00f3n 1.5.1, introdujo un controlador de REST que le permite escribir un archivo cargado en una ubicaci\u00f3n arbitraria en el sistema de archivos local, por medio de un encabezado HTTP modificado maliciosamente. Los archivos se pueden escribir en cualquier ubicaci\u00f3n accesible de Flink versi\u00f3n 1.5.1. Todos los usuarios deben actualizar a Flink versi\u00f3n 1.11.3 o 1.12.0 si sus instancias de Flink est\u00e1n expuestas. El problema se corrigi\u00f3 en el commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 de apache/flink:master"}], "lastModified": "2024-11-21T05:08:16.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "080CC731-EB0E-4F46-A9A0-D0AB49C84A83", "versionEndExcluding": "1.11.3", "versionStartIncluding": "1.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}