High
Apache Flink could allow a remote attacker to traverse directories on the system, caused by improper validation of user request by the REST API. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read arbitrary files on the system.
Obtain Information
Apache
Upgrade to the latest version of Apache Flink (1.11.3, 1.12.0 or later).