org.apache.pulsar:pulsar-functions-worker
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.pulsar:pulsar-functions-worker
- CVE-2023-37579 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 2.11.1 | 2023-07-12
vulnerable: 2.11.0
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's conf…
- CVE-2024-27135 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 3.2.1 | 2024-03-12
vulnerable: 3.2.0
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulne…
- CVE-2024-27317 | HIGH | CVSS 8.4 | EG 8.4 | ✓ Fixed in 3.2.1 | 2024-03-12
vulnerable: 3.2.0
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory tra…
- CVE-2024-27894 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 3.2.1 | 2024-03-12
vulnerable: 3.2.0
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a functi…