(DEPRECATED) Apache Flink Mailing List archive.

[jira] [Created] (FLINK-3478) Flink serves arbitary files through the web interface

classic Classic list List threaded Threaded
1 message Options
Shang Yuanchun (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (FLINK-3478) Flink serves arbitary files through the web interface

Shang Yuanchun (Jira)
Maximilian Michels created FLINK-3478:
-----------------------------------------

             Summary: Flink serves arbitary files through the web interface
                 Key: FLINK-3478
                 URL: https://issues.apache.org/jira/browse/FLINK-3478
             Project: Flink
          Issue Type: Bug
          Components: Webfrontend
    Affects Versions: 0.10.1, 0.10.0, 1.0.0
            Reporter: Maximilian Michels
            Assignee: Maximilian Michels
            Priority: Blocker
             Fix For: 1.0.0, 0.10.3


Flink serves arbitrary files through the web server of the 8081 port, e.g. {{../../../../../../../../../../etc/passwd}}.

The requested path needs to be validated before it is served.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Free forum by Nabble Edit this page