6 matches found
Fission 操作系统命令注入漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the builder passing the Environment.spec.builder.command directly to...
PT-2026-48509
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is a Kubernetes-native serverless framework. The Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder...
PT-2026-42688
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description In pkg/builder/builder.go, the software passes the Environment.spec.builder.command variable directly into the exec.Command function after a strings.Fields split without validating the executable pa...
EUVD-2024-45842
Malicious code in bioql PyPI...
CVE-2024-52313
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all...
CVE-2024-52313 data.all authenticated users can obtain incorrect object level authorizations
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all...