26 matches found
Malicious Package
Overview: openwhisk-probot-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2018-3776
Malware in sbrugna...
EUVD-2018-3775
Malware in sbrugna...
Malicious code in openwhisk-probot-builder (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df529e6edfae25a9476f48b45ecffb81a502aff2baa1f23ffe224a99c88a0fa5 Any computer that has this package installed or running should be considered...
MAL-2025-47855 Malicious code in openwhisk-probot-builder (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df529e6edfae25a9476f48b45ecffb81a502aff2baa1f23ffe224a99c88a0fa5 Any computer that has this package installed or running should be considered...
@adobe/openwhisk-probot-builder (>=1.0.37 <=1.0.66), @adobe/probot-serverless-openwhisk (>=4.0.32 <=4.0.55) +29 more potentially affected by CVE-2023-50728 via probot (>=0.3.3 <=12.3.1)
probot NPM version =0.3.3, =1.0.37, =4.0.32, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =0.0.0-PLACEHOLDER, =0.1.0, =1.0.0, =0.0.1, =0.10.1, =2.0.0, =2.1.0 and more Source cves: CVE-2023-50728 Source advisory: OSV:GHSA-PWFR-8PQ7-X9QV...
@adobe/probot-serverless-openwhisk (>=4.0.24 <=4.0.54), @csnext/cs-layer-server (>=0.0.101-beta.22 <=0.0.132-beta.207) +243 more potentially affected by CVE-2021-32822 via hbs (>=1.0.1 <=4.1.2)
hbs NPM version =1.0.1, =4.0.24, =0.0.101-beta.22, =0.7.0, =0.7.0, =0.7.0, =0.19.0, =2.0.1, =0.1.5, =0.9.0, =0.0.1-alpha.0, =0.1.2, =0.1.2, =0.1.0, =0.2.1, =4.3.0 and more Source cves: CVE-2021-32822 Source advisory: OSV:GHSA-7F5C-RPF4-86P8...
@adobe-commerce/aio-services-kit (>=1.0.0 <=1.0.1), @adobe-commerce/aio-toolkit (>=1.0.0 <=1.2.5) +64 more potentially affected by unknown CVE via openwhisk (>=1.0.1 <=3.21.8)
openwhisk NPM version =1.0.1, =1.0.0, =1.0.0, =0.6.0, =2.1.0, =8.3.0-pre.2022-06-22.sha-42703caf, =1.0.0, =0.3.1, =0.1.0, =1.0.3, =0.6.0, =1.0.0, =0.0.3, =0.2.0, =0.12.0, =0.0.2, =7.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-53MJ-MC38-Q894...
GHSA-53MJ-MC38-Q894 Remote Memory Exposure in openwhisk
Versions of openwhisk before 3.3.1 are vulnerable to remote memory exposure. When a number is passed to apikey, affected versions of openwhisk allocate an uninitialized buffer and send it over the network, base64-encoded, in the Authorization header. Proof of concept: js var openwhisk = require'openwhisk...
Remote Memory Exposure in openwhisk
Versions of openwhisk before 3.3.1 are vulnerable to remote memory exposure. When a number is passed to apikey, affected versions of openwhisk allocate an uninitialized buffer and send it over the network, base64-encoded, in the Authorization header. Proof of concept: js var openwhisk = require'openwhisk...
Apache OpenWhisk Remote Code Execution Vulnerability (CNVD-2018-14727)
Apache OpenWhisk is an open source FaaS cloud platform from the Apache Software Foundation in the U.S. Docker Skeleton Runtime for Apache OpenWhisk is its Docker-based version. A security vulnerability exists in Docker Skeleton Runtime for Apache OpenWhisk. The vulnerability can be exploited to...
Apache OpenWhisk Remote Code Execution Vulnerability
Apache OpenWhisk is an open source FaaS cloud platform from the Apache Software Foundation in the U.S. PHP Runtime for Apache OpenWhisk is its PHP-based version. A security vulnerability exists in PHP Runtime for Apache OpenWhisk. The vulnerability can be exploited to replace the source code of a...
Security Bulletin: IBM Cloud Functions is affected by two function runtime vulnerabilities
Summary: IBM Cloud Functions has addressed the following vulnerabilities. Users of the IBM Cloud Functions service that are using docker actions https://console.bluemix.net/docs/openwhisk/openwhiskactions.htmlcreating-docker-actions are affected but only if the user's function has a general securi...
Apache, IBM Patch Critical Cloud Vulnerability
Apache and IBM have patched a critical vulnerability that allows attackers to replace a company’s serverless code with their own malicious script. Once running, the bad code could then be used for a range of nefarious tasks, including extracting confidential customer data such as passwords or...
Code injection
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
CVE-2018-11757
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
CVE-2018-11756
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
CVE-2018-11756
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
Code injection
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...
CVE-2018-11757
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...