Re: Apache flink 1.7.2 security issues

2019-08-13 Thread Timothy Victor
The flink job manager UI isn't meant to be accessed from outside a firewall
I think. Plus I don't think it was designed with security in mind and
honestly it doesn't need to in my opinion.

If you need security then address your network setup. And if it is still
a problem then just turn off the UI and use CLI.

Tim

On Tue, Aug 13, 2019, 6:33 AM V N, Suchithra (Nokia - IN/Bangalore) <
suchithra@nokia.com> wrote:


Re: Apache flink 1.7.2 security issues

2019-08-13 Thread Fabian Hueske
Thanks for reporting this issue.
It is already discussed on Flink's dev mailing list in this thread:

->
https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E

Please continue the discussion there.

Thanks, Fabian

On Tue, 13 Aug 2019 at 13:33, V N, Suchithra (Nokia - IN/Bangalore) wrote:


Apache flink 1.7.2 security issues

2019-08-13 Thread V N, Suchithra (Nokia - IN/Bangalore)

Re: Apache flink 1.7.2 security issues

2019-08-13 Thread Stephan Ewen
Hi!

Thank you for reporting this!

At the moment, the Flink REST endpoint is not secure in the way that you
can expose it publicly. After all, you can submit Flink jobs to it which by
definition support executing arbitrary code.
Given that access to the REST endpoint allows by design arbitrary code
execution (running a Flink job), these reported vulnerabilities are
probably not as critical.

In light of that, the REST endpoint needs to be exposed in a secure way
(SSL mutual auth, an authenticating proxy, etc.).

Nevertheless, let us see whether we can update at least the web UI
dependencies to newer versions which are not subject to these exploits, to
take a step towards making the REST endpoint more suitable to be public
facing.

Best,
Stephan



On Sun, Aug 11, 2019 at 6:20 PM V N, Suchithra (Nokia - IN/Bangalore) <
suchithra@nokia.com> wrote:

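One way to do what Stephan describes, as an added example that is not part of this thread or of Flink itself: an nginx reverse proxy in front of the Flink REST endpoint that terminates TLS with client-certificate (mutual) authentication. It assumes the Flink REST endpoint and web UI are bound to loopback on port 8081 (Flink's default REST port as I recall it; set `rest.bind-address` and `rest.port` per your release's configuration reference), and the hostname, certificate and CA paths are placeholders. Only the proxy is reachable from the network, so the arbitrary-code-execution concern is handled by authentication at the proxy; the same config adds the frame-blocking headers for finding [2] and bounds request read time and per-client connections for finding [1].

```nginx
# Added example, not Flink's or the thread's own config. Assumptions: Flink REST
# endpoint bound to 127.0.0.1:8081; hostname and certificate paths are placeholders.

# Per-client connection budget (this directive belongs in the http{} context, e.g.
# a file under conf.d/). Slow-POST tools hold many connections per source, so cap
# them regardless of the timeouts below.
limit_conn_zone $binary_remote_addr zone=flink_per_ip:10m;

server {
    listen      443 ssl;
    server_name flink-ui.example.internal;

    ssl_certificate     /etc/nginx/tls/flink-ui.crt;
    ssl_certificate_key /etc/nginx/tls/flink-ui.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Authentication: mutual TLS. The handshake fails for any client that does not
    # present a certificate issued by this CA, so unauthenticated requests never
    # reach Flink, where anything that can submit a job can run arbitrary code.
    ssl_client_certificate /etc/nginx/tls/flink-client-ca.pem;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    # Finding [1], slow HTTP POST: bound the time a client may take between reads
    # of the request line, headers and body, and cap simultaneous connections per IP.
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;
    limit_conn            flink_per_ip 20;
    client_max_body_size  200m;   # job jar uploads still need a large body

    location / {
        # Finding [2], clickjacking: refuse framing by any origin. "always" makes
        # nginx send the headers on error responses too.
        add_header X-Frame-Options "DENY" always;
        add_header Content-Security-Policy "frame-ancestors 'none'" always;

        proxy_pass         http://127.0.0.1:8081;
        proxy_http_version 1.1;
        proxy_set_header   Host            $host;
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_read_timeout 60s;
    }
}
```

Two caveats worth knowing before relying on this. nginx's `client_body_timeout` applies between two successive reads, not to the whole body, so a client that trickles one byte every few seconds still holds its connection; that is why the per-IP `limit_conn` is there as well. And `add_header` directives are not inherited into a `location` that sets its own `add_header`, which is why the headers sit in the `location` block that does the proxying. Finding [3] (the bundled jQuery, Angular and Bootstrap versions) is not touched by the proxy at all; only a Flink release with updated web UI dependencies fixes it, and until then the mutual TLS simply limits who can load those pages. If job submission through the web UI is not needed, `web.submit.enable: false` in flink-conf.yaml disables the jar upload and run handlers of the UI (Tim's "use the CLI" option); the REST path the CLI itself uses to submit jobs remains, which is why authentication at the proxy is still the main control. Flink also has its own `security.ssl.rest.*` options for TLS and client authentication on the REST endpoint without a proxy; verify those option names against the configuration reference for your release.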

Apache flink 1.7.2 security issues

2019-08-11 Thread V N, Suchithra (Nokia - IN/Bangalore)
Hello,

We are using Apache Flink 1.7.2 version. During our security scans the following
issues were reported by our scan tool. Please let us know your comments on these
issues.

[1] 150085 Slow HTTP POST vulnerability
Severity Potential Vulnerability - Level 3
Group Information Disclosure

Threat
The web application is possibly vulnerable to a "slow HTTP POST" Denial of
Service (DoS) attack. This is an application-level DoS that consumes server
resources by maintaining open connections for an extended period of time by
slowly sending traffic to the server. If the server maintains too many
connections open at once, then it may not be able to respond to new, legitimate
connections.

#1 Request
Payload N/A
Request POST https://:/
#1 Host: :
#3 Accept: */*
#4 Content-Type: application/x-www-form-urlencoded

#1 Response
Vulnerable to slow HTTP POST attack
Connection with partial POST body remained open for: 312932 milliseconds

[2] 150124 Clickjacking - Framable Page (10)
Severity Confirmed Vulnerability - Level 3
Group Information Disclosure
CVSS Base 6.4 CVSS Temporal 5.8

Threat
The web page can be framed. This means that clickjacking attacks against users 
are possible.

#1 Request
Payload N/A
Request GET https://:/
#1 Host: :
#3 Accept: */*

#1 Response
The URI was framed.

The URLs below also reported the same issue, and the response was the same.

Request GET https://:/partials/jobs/running-jobs.html
Request GET https://:/partials/submit.html
Request GET https://:/partials/jobmanager/stdout.html
Request GET https://:/partials/jobs/completed-jobs.html
Request GET https://:/partials/taskmanager/index.html
Request GET https://:/partials/jobmanager/log.html
Request GET https://:/partials/jobmanager/index.html
Request GET https:///partials/overview.html
Request GET https://:/partials/jobmanager/config.html

[3] 150162 Use of JavaScript Library with Known Vulnerability (4)

Threat
The web application is using a JavaScript library that is known to contain at 
least one vulnerability.

#1 Request
Payload -
Request GET https://:/
#1 Host: :
#3 Accept: */*

#1 Response
Vulnerable javascript library: jQuery
version: 2.2.0
Details:
CVE-2015-9251: jQuery versions on or above 1.4.0 and below 1.12.0 (version
1.12.3 and above but below 3.0.0-beta1 as well) are vulnerable to XSS via 3rd
party text/javascript responses (3rd party CORS request may execute).
(https://github.com/jquery/jquery/issues/2432).
Solution: jQuery version 3.0.0 has been released to address the issue 
(http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/). Please refer 
to vendor documentation (https://blog.jquery.com/)
for the latest security updates.

Found on the following pages (only first 10 pages are reported):
https://:/
https://:/#/completed-jobs
https://:/#/jobmanager/config
https://:/#/overview
https://:/#/running-jobs
https://:/#/submit
https://:/#/taskmanagers
https://:/#/jobmanager/log
https://:/#/jobmanager/stdout
https://:/#/taskmanager/100474b27dcd8eeb9f3ff38c952977c9/log


#1 Response
Vulnerable javascript library: Angular
version: 1.4.8
Details:
In angular versions below 1.6.5 both Firefox and Safari are vulnerable to XSS 
in $sanitize if an inert document created via 
`document.implementation.createHTMLDocument()` is used. Angular version
1.6.5 checks for these vulnerabilities and then use a DOMParser or XHR strategy 
if needed. Please refer to vendor documentation 
(https://github.com/angular/angular.js/commit/
8f31f1ff43b673a24f84422d5c13d6312b2c4d94) for latest security updates.
Found on the following pages (only first 10 pages are reported):
https://:/
https://:/#/completed-jobs
https://:/#/jobmanager/config
https://:/#/overview
https://:/#/running-jobs
https://:/#/submit
https://:/#/taskmanagers
https://:/#/jobmanager/log
https://:/#/jobmanager/stdout
https://:/#/taskmanager/100474b27dcd8eeb9f3ff38c952977c9/log

#1 Response
Vulnerable javascript library: Bootstrap
version: 3.3.6
Details:
The data-target attribute in bootstrap versions below 3.4.0 is vulnerable to
Cross-Site Scripting (XSS) attacks. Please refer to vendor documentation
(https://github.com/twbs/bootstrap/pull/23687,
https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
--
CVE-2019-8331: In bootstrap versions before 3.4.1, data-template, data-content 
and data-title properties of