Lucene search
K

4 matches found

OSV
OSV
added 2026/06/30 6:20 p.m.3 views

GHSA-M63V-2G9W-2W6V Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Summary A follow-up bypass of the round-4 PodSpec hardening GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92. Those advisories validate and sanitize the PodSpec spec.runtime.podSpec / spec.builder.podSpec / function.spec.podSpec, but the Environment CRD also exposes...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 6:18 p.m.12 views

EUVD-2026-36098

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...

9.9CVSS5.8AI score0.003EPSS
Exploits0References7
NVD
NVD
added 2026/06/10 6:17 p.m.16 views

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References1
Rows per page
Query Builder