19 matches found
The vulnerability of the Pulsar Function Worker module on the cloud platform for distributed messaging and Apache Pulsar streaming involves allowing a hacker to execute arbitrary code.
The vulnerability of the Pulsar Function Worker module on the cloud platform for distributed messaging and Apache Pulsar streaming involves insufficient control over resources with dynamic management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...
GHSA-XP2R-G8QQ-44HH Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is...
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
CVE-2024-27135
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is...
CVE-2024-27135
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is...
Design/Logic Flaw
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
CVE-2024-27894 Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
CVE-2024-27894 Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
CVE-2024-27317
Root cause: a directory traversal in archive extraction when uploaded ZIPs (jar/nar) are processed by Pulsar Functions Worker, allowing creation/modification of files outside the extraction dir. Attack surface includes Pulsar Broker when functionsWorkerEnabled=true. Affected versions span 2.4.0–2...
PT-2024-2609 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.4.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.3 Apache Pulsar versions 3.0.0 through 3.0.2 Apache Pulsar versions 3.1.0 through 3.1.2 Apache Pulsar version 3.2.0 Description: The issue is related to...
PT-2024-2612 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.4.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.3 Apache Pulsar versions 3.0.0 through 3.0.2 Apache Pulsar versions 3.1.0 through 3.1.2 Apache Pulsar version 3.2.0 Description: The issue is related to a...
GHSA-74MC-G2XV-PCH2 Apache Pulsar Function Worker Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...
GHSA-G9CV-V3V4-3H8R Apache Pulsar Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...
CVE-2023-37579
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...
CVE-2023-37579
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...
CVE-2023-30429
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...
CVE-2023-37579 Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...
CVE-2023-37579
This CVE affects Apache Pulsar Function Worker. An incorrect authorization flaw allows any authenticated user to retrieve a source or sink configuration, potentially exposing credentials stored in those configurations. Affected products/versions: Pulsar Function Worker before 2.10.4 and before 2....