4 matches found
CVE-2020-17519
CVE-2020-17519 is an Apache Flink directory traversal vulnerability that permits reading arbitrary files on the JobManager host via the REST interface. The flaw stems from a change introduced in Flink 1.11.0 (affecting 1.11.0, 1.11.1, and 1.11.2) and is limited to files accessible by the JobManag...
CVE-2020-17518
CVE-2020-17518 affects Apache Flink 1.5.1. A REST file upload handler allowed an attacker to write a file to an arbitrary location on the local filesystem by manipulating the HTTP header (directory-traversal via file upload). The issue is mitigated by upgrading Flink to 1.11.3 or 1.12.0 (where th...
CVE-2020-1960
CVE-2020-1960 (Apache Flink) affects multiple Flink versions (1.1.0–1.10.0). When a process runs with an enabled JMXReporter and a port configured via metrics.reporter.<reporter_name>.port, a local attacker with access to the JMX port can perform a man-in-the-middle attack to rebind the JMXRMI ...
CVE-2026-35194
CVE-2026-35194 affects Apache Flink: code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via malicious SQL queries. Affected are Flink versions 1.15.0–1.20.x and 2.0.0–2.x, with JSON functions (1.15.0+) and LI...