[jira] [Commented] (FLINK-3478) Flink serves arbitary files through the web interface

Till Rohrmann (JIRA) Tue, 23 Feb 2016 03:37:55 -0800

    [ 
https://issues.apache.org/jira/browse/FLINK-3478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15158753#comment-15158753
 ]


Till Rohrmann commented on FLINK-3478:
--------------------------------------

Really good catch [~mxm]. :+1:

> Flink serves arbitary files through the web interface
> -----------------------------------------------------
>
>                 Key: FLINK-3478
>                 URL: https://issues.apache.org/jira/browse/FLINK-3478
>             Project: Flink
>          Issue Type: Bug
>          Components: Webfrontend
>    Affects Versions: 0.10.0, 1.0.0, 0.10.1
>            Reporter: Maximilian Michels
>            Assignee: Maximilian Michels
>            Priority: Blocker
>             Fix For: 1.0.0, 0.10.3
>
>
> Flink serves arbitrary files through the web server of the 8081 port, e.g. 
> {{../../../../../../../../../../etc/passwd}}.
> The requested path needs to be validated before it is served.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (FLINK-3478) Flink serves arbitary files through the web interface

Reply via email to