Lucene search
K

18 matches found

EUVD
EUVD
added yesterday9 views

EUVD-2026-36100

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
added yesterday12 views

EUVD-2026-36099

Fission Container Executor Function PodSpec Injection Leading to Node Escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 6:17 p.m.21 views

CVE-2026-50563

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:34 p.m.25 views

CVE-2026-50570 Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:27 p.m.18 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:27 p.m.22 views

CVE-2026-50564

CVE-2026-50564 concerns Fission’s Environment CRD prior to version 1.24.0, where spec.runtime.podSpec and spec.builder.podSpec were merged into runtime/builder pod specs without filtering. This allowed propagation of hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from...

9.9CVSS5.5AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:27 p.m.34 views

CVE-2026-50563 Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:27 p.m.15 views

CVE-2026-50563 Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:27 p.m.32 views

CVE-2026-50563

Fission before v1.24.0 allows a tenant to supply Function.spec.podspec, which is merged into the executor-built podspec and used to create a Deployment for the user’s container image. This directly explains the root cause of the listed vulnerability and aligns with the patched state in v1.24.0. T...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:26 p.m.26 views

CVE-2026-50545 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48507

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where the Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough lacks validation. This allows the MergePodSpec function ...

9.9CVSS5.8AI score0.003EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.26 views

PT-2026-48509

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is a Kubernetes-native serverless framework. The Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities stem from the Container Executor’s path, which allows tenants to directly provide Function.spec.podspec. The executor merges thi...

9.9CVSS5.3AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a security vulnerability. This vulnerability stemmed from the lack of validation in the Environment.spec.runtime.podSpec/spec.builder.podSpec field. When using MergePodSpec,...

9.9CVSS5.3AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48508

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References9
NVD
NVD
added 2024/07/01 9:15 p.m.32 views

CVE-2024-38366

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX...

10CVSS0.17786EPSS
Exploits1References3
CVE
CVE
added 2024/07/01 8:42 p.m.95 views

CVE-2024-38366

CVE-2024-38366 affects CocoaPods Trunk Server (trunk.cocoapods.org). The flaw stems from the email signup MX verification using an RFC-822 library which executes the host command to validate MX records, enabling remote code execution on the Trunk server. The underlying risk is that an attacker co...

10CVSS9.7AI score0.17786EPSS
Exploits1References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 7:27 a.m.6 views

Malicious code in intercom-react-native.podspec (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7abac0d25d94aaefe28f345fed96e1b39bc48cf2a461e080bc7932439219bfd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder