
[Vulnerability Alert] Apache Flink arbitrary JAR upload leads to remote code execution


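Vulnerability description

Recently, a security researcher publicly disclosed a vulnerability in Apache Flink in which arbitrary JAR upload leads to remote code execution. After research by the AsiaInfo Security Network Attack and Defense Lab, this 0day was confirmed to be real and can be used against the latest version of Flink. No official patch has been released yet.

CVE ID

None yet

Threat level

High

Affected scope

<= 1.9.1 (latest version)

Currently, 653 machines on the public internet (China region) are affected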


Vulnerability verification

An attacker only needs to build a custom malicious JAR, upload it, and then submit it
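With no patch available, the upload-then-submit sequence described above is something a defender can look for in access logs. The following is an added example, not part of the original advisory: it assumes the Flink web/REST port sits behind a reverse proxy that writes nginx combined-format logs, and the function name `find_jar_submissions` and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx "combined" format (assumption: the Flink
# web/REST port is fronted by a reverse proxy that writes access logs).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2019:09:01:02 +0000] "GET /jobs/overview HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2019:09:14:40 +0000] "POST /jars/upload HTTP/1.1" 200 148 "-" "python-requests/2.22"
203.0.113.7 - - [12/Nov/2019:09:14:42 +0000] "POST /jars/3f1c_a.jar/run HTTP/1.1" 200 47 "-" "python-requests/2.22"
10.0.0.5 - - [12/Nov/2019:09:20:00 +0000] "POST /jars/upload HTTP/1.1" 200 150 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Nov/2019:09:30:11 +0000] "POST /jars/upload HTTP/1.1" 404 0 "-" "curl/7.64"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Flink REST endpoints for uploading a jar and submitting it as a job.
UPLOAD_RE = re.compile(r'^/(?:v1/)?jars/upload/?(?:\?.*)?$')
RUN_RE = re.compile(r'^/(?:v1/)?jars/[^/]+/run/?(?:\?.*)?$')

def find_jar_submissions(log_text, trusted_ips=frozenset()):
    """Return one finding per client outside trusted_ips that uploaded or ran a jar."""
    events = defaultdict(lambda: {"uploads": [], "runs": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["ip"] in trusted_ips:
            continue
        if not m["status"].startswith("2"):
            continue  # failed requests did not store or run a jar
        if UPLOAD_RE.match(m["path"]):
            events[m["ip"]]["uploads"].append(m["ts"])
        elif RUN_RE.match(m["path"]):
            events[m["ip"]]["runs"].append(m["ts"])
    findings = []
    for ip, ev in sorted(events.items()):
        # An upload plus a run from the same client is the full sequence
        # from the advisory; either request alone is still worth review.
        severity = "high" if ev["uploads"] and ev["runs"] else "medium"
        findings.append({"ip": ip, "severity": severity,
                         "uploads": len(ev["uploads"]), "runs": len(ev["runs"])})
    return findings

if __name__ == "__main__":
    for finding in find_jar_submissions(SAMPLE_LOG, trusted_ips={"10.0.0.5"}):
        print(finding)
```
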


Remediation advice

None at this time; please wait for an official update
