[FLINK-3478] Flink serves arbitary files through the web interface - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 0.10.0, 0.10.1, 1.0.0
Fix Version/s: 1.0.0
Component/s: Runtime / Web Frontend
Labels:
None

Description

Flink serves arbitrary files through the web server of the 8081 port, e.g. ../../../../../../../../../../etc/passwd.

The requested path needs to be validated before it is served.

Attachments

Activity

People

Assignee:: Ufuk Celebi

Reporter:: Maximilian Michels

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 23/Feb/16 09:16

Updated:: 24/Feb/16 10:48

Resolved:: 24/Feb/16 10:48