8 matches found
BIT-APISIX-2025-27446 Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...
Apache Apisix elevation of privilege vulnerability (CNVD-2025-20873)
Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper assignment of permissions to the local listening file. An attacker can gain elevated privileges by accessing or modifying the file with insufficiently restricted...
CVE-2025-27446
CVE-2025-27446 affects Apache APISIX (java-plugin-runner) from version 0.2.0 through 0.5.0. The root cause is improper permissions on a local listening file, enabling a local attacker to elevate privileges. The issue’s impact is high (local, user-privilege escalation with high confidentiality/int...
CVE-2025-27446 Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIXjava-plugin-runner. Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIXjava-plugin-runner: from 0.2.0 through 0.5.0. Users are...
Apache Apisix 安全漏洞
Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...
PT-2025-28065 · Apache · Apache Apisix
Name of the Vulnerable Software and Affected Versions: Apache APISIXjava-plugin-runner versions 0.2.0 through 0.5.0 Description: The issue is related to incorrect permission assignment for critical resources in the Apache APISIX java-plugin-runner, allowing a local attacker to elevate privileges...
@garment/plugin-runner-publish (>=0.13.7 <=0.18.0), bower-npm-resolver (=0.11.0) +4 more potentially affected by CVE-2022-0355 via simple-get (=3.0.3)
simple-get NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on simple-get and may be impacted: - @garment/plugin-runner-publish =0.13.7, =3.2.4, =2.0.3, =2.0.5 Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...