12 matches found
EUVD-2024-1030
Malicious code in bioql PyPI...
CVE-2023-51699
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
GO-2024-2644 Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime in github.com/fluid-cloudnative/fluid
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime in github.com/fluid-cloudnative/fluid...
The vulnerability of the JuiceFSRuntime orchestrator environment for distributed data sets and the open-source Kubernetes accelerator for applications with intensive data processing in Fluid, allows attackers to execute arbitrary commands.
The vulnerability of the JuiceFSRuntime orchestrator for distributed data sets and the open-source Kubernetes accelerator for applications with intensive data processing exists due to the lack of measures taken to eliminate special elements used in the operating system command set. Exploiting thi...
OS Command Injection
github.com/fluid-cloudnative/fluid is vulnerable to OS Command Injection. The vulnerability is due to insufficient input validation within the JuicefsRuntime, allowing an authenticated user with the authority to create or update the K8s CRD Dataset/JuicefsRuntime to execute arbitrary OS commands...
CVE-2023-51699
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
CVE-2023-51699
Summary: CVE-2023-51699 affects Fluid’s JuicefsRuntime within the Fluid project, enabling OS command injection by an authenticated user with authority to create/update the K8s CRD datasets/ JuicefsRuntime. What is affected: Fluid (open source Kubernetes-native Distributed Dataset Orchestrator) an...
CVE-2023-51699 OS Command Injection for Fluid Users with JuicefsRuntime
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
CVE-2023-51699 OS Command Injection for Fluid Users with JuicefsRuntime
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
CVE-2023-51699 OS Command Injection for Fluid Users with JuicefsRuntime
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Impact OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...
GHSA-WX8Q-4GM9-RJ2G Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Impact OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...