N/A

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

N/A

N/A

Apache Heron 路径遍历漏洞

Apache Heron是一款分布式、具有容错功能的实时流处理引擎。 Apache Heron 0.13.0版本至0.17.8版本中存在路径遍历漏洞，该漏洞源于程序没有充分地过滤用户提交的输入。远程攻击者可通过发送带有‘../’序列的特制请求利用该漏洞检索受影响系统的任意文件。

N/A

N/A