Flink

Apache Flink remote code execution vulnerability

Vulnerability address：http://flink.xxxxxxx.com/#/submit

vulnerability description：Apache Flink remote code execution vulnerability

Vulnerability details：

http://flink.xxxxxxx.com/#/submit

The default deployment of FLINK is unlicensed and there was a vulnerability in version 1.9. The current business is version 1.13, the original command execution POC can no longer be used, and the network cannot rebound shell.

Combined with the characteristics of flink, the author creatively designed a POC that can execute commands and echo even if it can not rebound or DNS parsing. It successfully executes cat / etc/passwd on the machine and echoes.

POC：详情见

https://github.com/ranhn/Flink/tree/main/src/main/java)https://github.com/ranhn/Flink/tree/main/src/main/java

https://github.com/ranhn/Flink/blob/main/pom.xml

Vulnerable version：<=1.13.2

Repair recommendations:

Upgrade to the latest version.

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.idea		.idea
input		input
src/main/java		src/main/java
.gitattributes		.gitattributes
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Flink

About

Releases

Packages

Languages

ranhn/Flink

Folders and files

Latest commit

History

Repository files navigation

Flink

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages