Lucene search
+L

109 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46326

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:30 a.m.5 views

CVE-2023-41834

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

6.1CVSS7AI score0.0161EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.5 views

Prink: $K_s$-Anonymization for Streaming Data in Apache Flink

In this paper, we present Prink, a novel and practically applicable concept and fully implemented prototype for ks-anonymizing data streams in real-world application architectures. Building upon the pre-existing, yet rudimentary CASTLE scheme, Prink for the first time introduces semantics-aware...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.230 views

Apache Flink JobManager Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...

9.1CVSS7.4AI score0.97856EPSS
Exploits14
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 4:22 p.m.31 views

Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).

Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details CVEID:CVE-2024-25710...

8.1CVSS6.6AI score0.00898EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2024/05/23 4:44 p.m.29 views

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as...

10CVSS7.3AI score0.97856EPSS
Exploits18
CISA
CISA
added 2024/05/23 12:0 p.m.8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-17519 Apache Flink Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significa...

9.1CVSS7AI score0.97856EPSS
In wildExploits14References6
CISA KEV Catalog
CISA KEV Catalog
added 2024/05/23 12:0 a.m.17 views

Apache Flink Improper Access Control Vulnerability

Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface...

9.1CVSS6.9AI score0.97856EPSS
In wildExploits14
OSV
OSV
added 2024/03/06 10:52 a.m.26 views

BIT-FLINK-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS7.4AI score0.50038EPSS
Exploits1References25
OSV
OSV
added 2024/03/06 10:51 a.m.29 views

BIT-FLINK-2020-17519 Apache Flink directory traversal attack: reading remote files through the REST API

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

9.1CVSS7.3AI score0.97856EPSS
Exploits14References18
OSV
OSV
added 2024/03/06 10:51 a.m.17 views

BIT-FLINK-2020-1960

A vulnerability in Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0 where, when running a process with an enabled JMXReporter, with a port configured via...

4.7CVSS4.9AI score0.00863EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2024/01/12 7:56 a.m.33 views

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua...

9.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:30 p.m.28 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in snappy-java (CVE-2023-43642)

Summary This security vulnerability in snappy-java which is a Java port of the snappy within IBM Operator for Apache Flink is vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2023/09/21 12:0 a.m.15 views

Apache Flink Code Injection Vulnerability

Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation . The product is mainly written in Java and Scala languages . Func is Knative open source a client library and CLI , support for the development and deployment of features . Apache Flink Stateful...

6.1CVSS7.4AI score0.0161EPSS
Exploits0References1
NVD
NVD
added 2023/09/19 1:16 p.m.13 views

CVE-2023-41834

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

6.1CVSS6.4AI score0.0161EPSS
Exploits0References2
Prion
Prion
added 2023/09/19 1:16 p.m.13 views

Crlf injection

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

5.8CVSS6.3AI score0.0161EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/19 12:34 p.m.13 views

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

7AI score0.0161EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/19 12:34 p.m.19 views

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

6.5AI score0.0161EPSS
Exploits0References2
CVE
CVE
added 2023/09/19 12:34 p.m.61 views

CVE-2023-41834

CVE-2023-41834 affects Apache Flink Stateful Functions. The issue is an improper neutralization of CRLF sequences in HTTP headers, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting in versions 3.1.0, 3.1.1 and 3.2.0. Potential consequence: injected con...

6.1CVSS6.3AI score0.0161EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.5 views

Apache Flink 注入漏洞

Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation . The product is mainly written in Java and Scala languages . Func is Knative open source a client library and CLI , support for the development and deployment of features . Apache Flink Stateful...

6.1CVSS7.5AI score0.0161EPSS
Exploits0References3
Rows per page
Query Builder