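Vulnerability description
【Affected product】Apache Flink
【Affected versions】Flink 1.5.1-1.11.2
【Description】Apache Flink is an open-source stream processing framework with powerful stream and batch processing capabilities. Flink 1.5.1 introduced a REST API; this vulnerability allows an attacker, by crafting a malicious HTTP header, to write an uploaded file to an arbitrary location on the local file system.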
Related vulnerabilities
CVE-2020-17518: Apache Flink 1.5.1 - Local File Inclusion POC 2025-09-01 | Apache Flink | Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file ...
CVE-2020-17518: Apache Flink 1.5.1 - Local File Inclusion POC 2025-08-01 | Apache Flink | Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file ...
CVE-2020-17519: Apache Flink - Local File Inclusion POC 2025-08-01 | Apache Flink | Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on...
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC 2025-09-01 | Nexus Repository | Triggering the vulnerability requires the privileges of any account. body="Nexus Repository Manager" app="Nexus-Repository-Manager"
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC 2025-09-01 | LimeSurvey | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...