Maven package
org.apache.pulsar/pulsar-functions-worker
pkg:maven/org.apache.pulsar/pulsar-functions-worker
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27894 | — | | | >= 2.4.0, < 2.10.6 | 2.10.6 | Mar 12, 2024 | The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Func |
| CVE-2024-27317 | — | | | >= 2.4.0, < 2.10.6 | 2.10.6 | Mar 12, 2024 | In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when th |
| CVE-2024-27135 | — | | | >= 2.4.0, < 2.10.6 | 2.10.6 | Mar 12, 2024 | Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broke |
| CVE-2023-37579 | — | | | < 2.10.4 | 2.10.4 | Jul 12, 2023 | Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sou |