GHSA-395w-qhqr-9fr6
HIGHPath Traversal in Apache Flink
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
org.apache.flink:flink-runtime_2.11☕org.apache.flink:flink-runtime_2.12Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Maven packages — download data is not available via public APIs for these ecosystems.
Description
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| ☕Maven | org.apache.flink:flink-runtime_2.11 | ≥ 1.11.0&&< 1.11.3 | 1.11.3 |
| ☕Maven | org.apache.flink:flink-runtime_2.12 | ≥ 1.11.0&&< 1.11.3 | 1.11.3 |
Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
by SunCSR Team · Jan 8, 2021
Frequently Asked Questions
Is GHSA-395w-qhqr-9fr6 in your stack?
O3 detects GHSA-395w-qhqr-9fr6 across Maven dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.