flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maximilian Michels (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FLINK-3478) Flink serves arbitary files through the web interface
Date Tue, 23 Feb 2016 09:17:19 GMT
Maximilian Michels created FLINK-3478:
-----------------------------------------

             Summary: Flink serves arbitary files through the web interface
                 Key: FLINK-3478
                 URL: https://issues.apache.org/jira/browse/FLINK-3478
             Project: Flink
          Issue Type: Bug
          Components: Webfrontend
    Affects Versions: 0.10.1, 0.10.0, 1.0.0
            Reporter: Maximilian Michels
            Assignee: Maximilian Michels
            Priority: Blocker
             Fix For: 1.0.0, 0.10.3


Flink serves arbitrary files through the web server of the 8081 port, e.g. {{../../../../../../../../../../etc/passwd}}.

The requested path needs to be validated before it is served.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message