Vulnerability in Open-Source Data Processing Framework Apache Flink Disclosed 3 Years Ago Has Been Used in Attacks, US CISA Confirms
Payment News · 2024-05-27

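Last week the US Cybersecurity and Infrastructure Security Agency (CISA) warned users of the open-source data processing framework Apache Flink that CVE-2020-17519, a vulnerability disclosed three years ago, is now being used in attacks.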

On May 23, CISA added the Apache Flink vulnerability CVE-2020-17519 to its Known Exploited Vulnerabilities (KEV) catalog and required federal agencies to complete remediation by June 13.

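The vulnerability stems from a change introduced in Flink 1.11.0. Through the REST interface of the JobManager process, an attacker can read arbitrary files on the local file system. It carries a CVSS score of 7.5, and IT staff should upgrade to 1.11.3, or to 1.12.0 or later, to mitigate it.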
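To turn the version guidance above into an inventory check, the following added example (not part of the original article or of the Flink project) classifies collected version strings against the bounds the article gives. It assumes the JSON bodies come from the JobManager REST `/config` endpoint, which reports a `flink-version` field; the hostnames and sample bodies are constructed.

```python
import json
import re

# Bounds from the article: introduced in 1.11.0, fixed in 1.11.3 and 1.12.0+.
INTRODUCED = (1, 11, 0)
FIXED = (1, 11, 3)
FIXED_RELEASES = {(1, 11, 3), (1, 12, 0)}

def classify(version_text):
    """Map a Flink version string to affected / not affected / review / unknown."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)(\S*)", version_text or "")
    if not m:
        return "unknown"
    version = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4)
    if INTRODUCED <= version < FIXED:
        return "affected"
    # A pre-release build of a fixed version (e.g. -SNAPSHOT) may predate the fix.
    if version in FIXED_RELEASES and suffix:
        return "review"
    return "not affected"

def triage(inventory):
    """inventory: {host: raw JSON body}; returns {host: status}."""
    results = {}
    for host, body in inventory.items():
        try:
            doc = json.loads(body)
            field = doc.get("flink-version") if isinstance(doc, dict) else None
            results[host] = classify(field)
        except (json.JSONDecodeError, TypeError):
            # Unparseable body or non-string version: needs a manual look.
            results[host] = "unknown"
    return results

# Constructed sample data: hostnames and bodies are invented for this example.
SAMPLE = {
    "flink-a.example.internal": '{"flink-version": "1.11.2"}',
    "flink-b.example.internal": '{"flink-version": "1.11.3"}',
    "flink-c.example.internal": '{"flink-version": "1.12.0-SNAPSHOT"}',
    "flink-d.example.internal": '{"flink-version": "1.10.3"}',
    "flink-e.example.internal": '<html>proxy error</html>',
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `review` or `unknown` need a manual check of the deployed build rather than being treated as patched.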

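CISA has not disclosed details of how the vulnerability is being exploited, so the attackers' identity and goals are unknown. It is worth noting, however, that the Apache Foundation announced and patched the vulnerability in January 2021, the information has been public for more than three years, and researchers have published proof-of-concept exploit code. Attackers therefore do not need to research the vulnerability from scratch, and more of them may join in attempting to exploit it.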
