109 matches found
EUVD-2023-46326
Malicious code in bioql PyPI...
CVE-2023-41834
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
Prink: $K_s$-Anonymization for Streaming Data in Apache Flink
In this paper, we present Prink, a novel and practically applicable concept and fully implemented prototype for ks-anonymizing data streams in real-world application architectures. Building upon the pre-existing, yet rudimentary CASTLE scheme, Prink for the first time introduces semantics-aware...
Apache Flink JobManager Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...
Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).
Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details CVEID:CVE-2024-25710...
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-17519 Apache Flink Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significa...
Apache Flink Improper Access Control Vulnerability
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface...
BIT-FLINK-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
BIT-FLINK-2020-17519 Apache Flink directory traversal attack: reading remote files through the REST API
A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...
BIT-FLINK-2020-1960
A vulnerability in Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0 where, when running a process with an enabled JMXReporter, with a port configured via...
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua...
Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in snappy-java (CVE-2023-43642)
Summary This security vulnerability in snappy-java which is a Java port of the snappy within IBM Operator for Apache Flink is vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is...
Apache Flink Code Injection Vulnerability
Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation . The product is mainly written in Java and Scala languages . Func is Knative open source a client library and CLI , support for the development and deployment of features . Apache Flink Stateful...
CVE-2023-41834
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
Crlf injection
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
CVE-2023-41834
CVE-2023-41834 affects Apache Flink Stateful Functions. The issue is an improper neutralization of CRLF sequences in HTTP headers, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting in versions 3.1.0, 3.1.1 and 3.2.0. Potential consequence: injected con...
Apache Flink 注入漏洞
Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation . The product is mainly written in Java and Scala languages . Func is Knative open source a client library and CLI , support for the development and deployment of features . Apache Flink Stateful...