12 matches found
EUVD-2026-36099
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...
CVE-2026-50563 Fission Container Executor Function PodSpec Injection Leading to Node Escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...
CVE-2026-50563 Fission Container Executor Function PodSpec Injection Leading to Node Escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...
CVE-2026-50563
Fission before v1.24.0 allows a tenant to supply Function.spec.podspec, which is merged into the executor-built podspec and used to create a Deployment for the user’s container image. This directly explains the root cause of the listed vulnerability and aligns with the patched state in v1.24.0. T...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities stem from the Container Executor’s path, which allows tenants to directly provide Function.spec.podspec. The executor merges thi...
Privilege Escalation
org.apache.hadoop, hadoop-yarn-server-nodemanager is vulnerable to Privilege Escalation. The vulnerability is caused by making the rpath of container-executor binary of Apache Hadoop configurable from $ORIGIN/ to $ORIGIN/:../lib/native/. This is the path through which .so files are loaded. This c...
Apache Hadoop allows local user to gain root privileges
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
CVE-2023-26031
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
Command injection
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
PT-2022-7154 · Apache · Apache Hadoop
Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 3.3.1 through 3.3.4 Description: The issue is related to the use of an unreliable path search in the Apache Hadoop platform, which can allow a remote attacker to execute commands with root privileges. The vulnerability ...