CVE-2020-17518

HIGH EXPLOITED NUCLEI

Apache Flink <1.11.3-1.12.0 - Path Traversal

Title source: llm

Description

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.

Exploits (3)

nomisec WORKING POC 7 stars
by QmF0c3UK · remote
https://github.com/QmF0c3UK/CVE-2020-17518
nomisec WORKING POC 3 stars
by murataydemir · remote
https://github.com/murataydemir/CVE-2020-17518
nomisec WORKING POC 1 stars
by rakjong · remote
https://github.com/rakjong/Flink-CVE-2020-17518-getshell

Nuclei Templates (1)

Apache Flink 1.5.1 - Local File Inclusion
HIGHby pdteam

References (24)

... and 4 more

Scores

CVSS v3 7.5
EPSS 0.9393
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2023-11-25
CWE
CWE-22 CWE-23
Status published
Products (2)
apache/flink 1.5.1 - 1.11.3
org.apache.flink/flink-runtime 1.5.1 - 1.11.3Maven
Published Jan 05, 2021
Tracked Since Feb 18, 2026