248 matches found
CVE-2026-50568
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contain security vulnerabilities. These vulnerabilities stem from the SanitizeFilePath function, which uses string prefix checks instead of directory boundary checks. As a result,...
PT-2026-48513
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...
PT-2026-42605
Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...
EUVD-2022-33530
Malicious code in bioql PyPI...
EUVD-2022-33560
Malicious code in bioql PyPI...
EUVD-2022-33559
Malicious code in bioql PyPI...
EUVD-2022-33545
Malicious code in bioql PyPI...
EUVD-2022-31334
Malicious code in bioql PyPI...
EUVD-2022-33544
Malicious code in bioql PyPI...
EUVD-2022-29418
Malicious code in bioql PyPI...
EUVD-2022-29365
Malicious code in bioql PyPI...
EUVD-2022-33532
Malicious code in bioql PyPI...
EUVD-2022-33548
Malicious code in bioql PyPI...
EUVD-2022-33533
Malicious code in bioql PyPI...
runc 安全漏洞
runc is an Open Container Initiative open source CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc version 1.1.13 and earlier and version 1.2.0-rc2 and earlier, which stems from a contention condition ...
runc: volume mount race condition (regression of CVE-2019-19921)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
runc: volume mount race condition (regression of CVE-2019-19921)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...
runc: volume mount race condition (regression of CVE-2019-19921)
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume...