6 matches found
CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...
Nuclio 安全漏洞
Nuclio is an open-source data processing framework developed by Nuclio. Versions of Nuclio prior to 1.15.20 contained security vulnerabilities. These vulnerabilities stemmed from the Shell Runtime component, which allowed command injection when processing parameters provided by users. This could...
Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Summary This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...
PT-2026-23091
Name of the Vulnerable Software and Affected Versions Nuclio versions prior to 1.15.20 Description Nuclio's Shell Runtime component contains a command injection issue. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into she...