
24 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-0894

Malicious code in bioql PyPI...

8.8 CVSS, 8.4 AI score, 0.01895 EPSS
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-0948

Malicious code in bioql PyPI...

9.9 CVSS, 8.8 AI score, 0.56934 EPSS
Exploits: 0, References: 6

BDU FSTEC
added 2024/04/06 12:0 a.m., 3 views

A vulnerability in the Pulsar Functions Worker module of Apache Pulsar, a cloud platform for distributed messaging and streaming, allows an attacker to cause a service failure.

The vulnerability in the Pulsar Functions Worker module of Apache Pulsar, a cloud platform for distributed messaging and streaming, involves files and directories that are accessible to external parties. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.3 CVSS, 7.5 AI score, 0.01895 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2024/04/06 12:0 a.m., 4 views

A vulnerability in the Pulsar Functions Worker module of Apache Pulsar, a cloud platform for distributed messaging and streaming, allows an attacker to execute arbitrary code.

The vulnerability in the Pulsar Functions Worker module of Apache Pulsar, a cloud platform for distributed messaging and streaming, involves improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

8.4 CVSS, 7.9 AI score, 0.56934 EPSS
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2024/03/15 7:18 p.m., 28 views

Unauthorized File Access

org.apache.pulsar: pulsar-functions-worker is vulnerable to Unauthorized File Access. The vulnerability is due to a feature that allows authenticated users to create functions with implementations referenced by URLs, including file, http, and https schemes. This vulnerability can potentially lead...

8.8 CVSS, 6.7 AI score, 0.01895 EPSS
Exploits: 0, References: 4, Affected Software: 2

CNVD
added 2024/03/14 12:0 a.m., 4 views

Unspecified Vulnerability in Apache Pulsar (CNVD-2024-26183)

Apache Pulsar is a distributed message streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight function computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication,...

8.8 CVSS, 6.9 AI score, 0.01895 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2024/03/12 9:30 p.m., 2 views

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3) +4 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=2.11.0 <=2.11.3)

org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...

8.8 CVSS, 7.2 AI score, 0.01895 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 1 view

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3) +4 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (>=2.11.0 <=2.11.3)

org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-27317 Source advisory: OSV:GHSA-JG2G-4RJG-CMQH...

9.9 CVSS, 7.2 AI score, 0.56934 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 1 view

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3) +4 more potentially affected by CVE-2024-27135 via org.apache.pulsar:pulsar-functions-worker (>=2.11.0 <=2.11.3)

org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-27135 Source advisory: OSV:GHSA-XP2R-G8QQ-44HH...

9.9 CVSS, 7.2 AI score, 0.05983 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 2 views

com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +6 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=3.0.0 <=3.0.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...

8.8 CVSS, 7.2 AI score, 0.01895 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 3 views

org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27317 Source advisory: OSV:GHSA-JG2G-4RJG-CMQH...

9.9 CVSS, 7.2 AI score, 0.56934 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 4 views

org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27135 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27135 Source advisory: OSV:GHSA-XP2R-G8QQ-44HH...

9.9 CVSS, 7.2 AI score, 0.05983 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 2 views

org.apache.pulsar:pulsar-broker (=3.2.0), org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0) +3 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (=3.2.0)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-functions-worker and may be impacted: - org.apache.pulsar:pulsar-broker =3.2.0 -...

8.8 CVSS, 7.2 AI score, 0.01895 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 3 views

org.apache.pulsar:pulsar-broker (=3.2.0), org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0) +3 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (=3.2.0)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-functions-worker and may be impacted: - org.apache.pulsar:pulsar-broker =3.2.0 -...

9.9 CVSS, 7.2 AI score, 0.56934 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 3 views

org.apache.pulsar:pulsar-broker (=3.2.0), org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0) +3 more potentially affected by CVE-2024-27135 via org.apache.pulsar:pulsar-functions-worker (=3.2.0)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-functions-worker and may be impacted: - org.apache.pulsar:pulsar-broker =3.2.0 -...

9.9 CVSS, 7.2 AI score, 0.05983 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 2 views

com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +6 more potentially affected by CVE-2024-27135 via org.apache.pulsar:pulsar-functions-worker (>=3.0.0 <=3.0.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-27135 Source advisory: OSV:GHSA-XP2R-G8QQ-44HH...

9.9 CVSS, 7.2 AI score, 0.05983 EPSS
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., 7 views

com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +6 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (>=3.0.0 <=3.0.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-27317 Source advisory: OSV:GHSA-JG2G-4RJG-CMQH...

9.9 CVSS, 7.2 AI score, 0.56934 EPSS
Exploits: 0

OSV
added 2024/03/12 7:15 p.m., 8 views

CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will...

8.8 CVSS, 8.6 AI score, 0.01895 EPSS
Exploits: 0, References: 3

NVD
added 2024/03/12 7:15 p.m., 19 views

CVE-2024-27317

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

9.9 CVSS, 8.3 AI score, 0.56934 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/12 7:15 p.m., 14 views

Directory traversal

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

4.6 CVSS, 6.9 AI score, 0.56934 EPSS
Exploits: 0, References: 2