29 matches found
CVE-2024-27894
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
Design/Logic Flaw
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
Directory traversal
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...
CVE-2024-27894 Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...
CVE-2024-27894
The CVE describes a vulnerability in Apache Pulsar where the Functions Worker can create functions whose implementation is fetched from a URL (file, http, https). An authenticated attacker could read any file the worker process can access (including environment secrets) and use the worker as a pr...
CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...
Apache Pulsar 安全漏洞
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...
PT-2024-2611 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.10.6 Apache Pulsar versions prior to 2.11.4 Apache Pulsar versions prior to 3.0.3 Apache Pulsar versions prior to 3.1.3 Apache Pulsar versions prior to 3.2.1 Description: The issue is related to the Pulsar...
com.clever-cloud:biscuit-pulsar (=3.2.1), com.github.shoothzj:test-pulsar (>=3.1.12 <=3.1.15) +10 more potentially affected by CVE-2023-37579 via org.apache.pulsar:pulsar-functions-worker (>=2.0.0-rc1-incubating <=2.10.3)
org.apache.pulsar:pulsar-functions-worker MAVEN version =2.0.0-rc1-incubating, =3.1.12, =0.0.1, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.10.0, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.10.0, =2.0.0-rc1-incubating, =1.0.0, =1.1.0 Source cves: CVE-2023-37579...