.. / CVE-2020-17519

Exploit for Apache Flink - Local File Inclusion (CVE-2020-17519)

Description:

Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).

Nuclei Template

View the template here CVE-2020-17519.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-17519.yaml

References:

https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cuser.flink.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-17519
https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d@%3Cdev.flink.apache.org%3E
https://github.com/B1anda0/CVE-2020-17519

.. / CVE-2020-17519 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache Flink - Local File Inclusion (CVE-2020-17519)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-17519