CVE-2020-1960: Command injection in Apache Flink
CVSS Score: 4.7 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.21852%
CWE
Published: 5/21/2021
Updated: 2/1/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.apache.flink:flink-core | maven | < 1.9.2 | 1.9.3 |
org.apache.flink:flink-core | maven | = 1.10.0 | 1.10.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability is associated with the JMXReporter in Apache Flink. The JMXReporter's handling of the JMXRMI registry is the key area of concern. Functions related to starting or configuring the JMX registry are likely to be relevant. The exact function names may vary based on the specific implementation details in the Flink codebase.