Lucene search
+L

29 matches found

NVD
NVD
added 2024/03/12 7:15 p.m.14 views

CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...

8.8CVSS8.4AI score0.01895EPSS
Exploits0References3
Prion
Prion
added 2024/03/12 7:15 p.m.30 views

Design/Logic Flaw

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...

4.6CVSS8.4AI score0.01895EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 7:15 p.m.16 views

Directory traversal

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

4.6CVSS6.9AI score0.56934EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 6:19 p.m.9 views

CVE-2024-27894 Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...

8.5CVSS7AI score0.01895EPSS
Exploits0References5
CVE
CVE
added 2024/03/12 6:19 p.m.77 views

CVE-2024-27894

The CVE describes a vulnerability in Apache Pulsar where the Functions Worker can create functions whose implementation is fetched from a URL (file, http, https). An authenticated attacker could read any file the worker process can access (including environment secrets) and use the worker as a pr...

8.8CVSS8.4AI score0.01895EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/12 6:18 p.m.20 views

CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

8.4CVSS6.6AI score0.56934EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.4 views

Apache Pulsar 安全漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

8.8CVSS6.9AI score0.01895EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.3 views

PT-2024-2611 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.10.6 Apache Pulsar versions prior to 2.11.4 Apache Pulsar versions prior to 3.0.3 Apache Pulsar versions prior to 3.1.3 Apache Pulsar versions prior to 3.2.1 Description: The issue is related to the Pulsar...

8.8CVSS7.3AI score0.01895EPSS
Exploits0References15
vulnersOsv
vulnersOsv
added 2023/07/12 12:31 p.m.7 views

com.clever-cloud:biscuit-pulsar (=3.2.1), com.github.shoothzj:test-pulsar (>=3.1.12 <=3.1.15) +10 more potentially affected by CVE-2023-37579 via org.apache.pulsar:pulsar-functions-worker (>=2.0.0-rc1-incubating <=2.10.3)

org.apache.pulsar:pulsar-functions-worker MAVEN version =2.0.0-rc1-incubating, =3.1.12, =0.0.1, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.10.0, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.10.0, =2.0.0-rc1-incubating, =1.0.0, =1.1.0 Source cves: CVE-2023-37579...

8.2CVSS6.9AI score0.00819EPSS
Exploits0
Rows per page
Query Builder