Pulsar@2.4.0 Security Vulnerabilities and Issues — Pulsar@2.4.0 CVE List

Lucene search

ApachePulsar2.4.0

3 matches found

CVE•added 2024/03/12 7:15 p.m.•62 views

CVE-2024-27317

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the ...

9.9CVSS8.2AI score0.0107EPSS

CVE•added 2024/03/12 7:15 p.m.•60 views

CVE-2024-27135

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is config...

9.9CVSS8.6AI score0.0012EPSS

CVE•added 2024/03/12 7:15 p.m.•59 views

CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will r...

8.8CVSS8.4AI score0.00319EPSS