Lucene search
K

6 matches found

NVD
NVD
added 2026/03/06 7:16 a.m.10 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

9.8CVSS0.02359EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/06 6:57 a.m.4 views

CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

9.3CVSS5.7AI score0.02359EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/06 6:57 a.m.6 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

9.3CVSS5.7AI score0.02359EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Nuclio 安全漏洞

Nuclio is an open-source data processing framework developed by Nuclio. Versions of Nuclio prior to 1.15.20 contained security vulnerabilities. These vulnerabilities stemmed from the Shell Runtime component, which allowed command injection when processing parameters provided by users. This could...

9.8CVSS7.5AI score0.02359EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/04 9:5 p.m.6 views

Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Summary This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...

9.8CVSS6.4AI score0.02359EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-23091

Name of the Vulnerable Software and Affected Versions Nuclio versions prior to 1.15.20 Description Nuclio's Shell Runtime component contains a command injection issue. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into she...

9.9CVSS6.1AI score0.22162EPSS
Exploits69References139
Rows per page
Query Builder