Maximilian Michels created FLINK-3478: -----------------------------------------
Summary: Flink serves arbitary files through the web interface Key: FLINK-3478 URL: https://issues.apache.org/jira/browse/FLINK-3478 Project: Flink Issue Type: Bug Components: Webfrontend Affects Versions: 0.10.1, 0.10.0, 1.0.0 Reporter: Maximilian Michels Assignee: Maximilian Michels Priority: Blocker Fix For: 1.0.0, 0.10.3 Flink serves arbitrary files through the web server of the 8081 port, e.g. {{../../../../../../../../../../etc/passwd}}. The requested path needs to be validated before it is served. -- This message was sent by Atlassian JIRA (v6.3.4#6332)