Fission 操作系统命令注入漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the builder passing the Environment.spec.builder.command directly to...

PT-2026-48509

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

PT-2026-42688

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description In pkg/builder/builder.go, the software passes the Environment.spec.builder.command variable directly into the exec.Command function after a strings.Fields split without validating the executable pa...

EUVD-2024-45842

Malicious code in bioql PyPI...

CVE-2024-52313

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all...

CVE-2024-52313 data.all authenticated users can obtain incorrect object level authorizations

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all...