漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences
Vulnerability Description
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.
CVSS Information
N/A
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
Apache Flink 注入漏洞
Vulnerability Description
Apache Flink是美国Apache基金会的一款开源的分布式流数据处理引擎。该产品主要使用Java和Scala语言编写。Func是Knative开源的一个客户端库和 CLI ,支持功能的开发和部署。 Apache Flink Stateful Functions 3.1.0、3.1.1 和 3.2.0版本存在注入漏洞,该漏洞源于HTTP 标头中 CRLF 序列的不正确中和,允许远程攻击者注入任意 HTTP 标头,并通过精心设计的 HTTP 请求进行 HTTP 响应拆分攻击,攻击者利用该漏洞可能会注入
CVSS Information
N/A
Vulnerability Type
N/A