org.apache.flink:flink-runtime_2.12@1.10.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.flink:flink-runtime_2.12 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

org.apache.flink:flink-runtime_2.12 is a stream processing framework.

Affected versions of this package are vulnerable to Directory Traversal. A customized filename can be specified through Content-Disposition that also allows passing of path information which was not properly handled.

How to fix Directory Traversal?

Upgrade org.apache.flink:flink-runtime_2.12 to version 1.11.3 or higher.

[1.7.0,1.11.3)