Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-17519 PoC — Apache Flink directory traversal attack: reading remote files through the REST API

Source
https://github.com/B1anda0/CVE-2020-17519
Associated Vulnerability
Title:Apache Flink directory traversal attack: reading remote files through the REST API (CVE-2020-17519)
Description:A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
Description
Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)
Readme
## 使用方法&免责声明

该脚本为Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)。

使用方法:`Python CVE-2020-17519.py urls.txt`

urls.txt 中每个url为一行,漏洞地址输出在vul.txt中

##### 影响版本:

Apache Flink 1.11.0、1.11.1、1.11.2



工具仅用于安全人员安全测试,任何未授权检测造成的直接或者间接的后果及损失,均由使用者本人负责
File Snapshot

 [4.0K]  /data/pocs/87a46d10d42faf20683afac5187c0ebf1b007779
├── [ 69K]  CVE-2020-17519.png
├── [2.0K]  CVE-2020-17519.py
└── [ 443]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →