CVE-2024-27894: Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying

CVE-2024-27894: Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying

Open Source Security [[{„value“:“

Posted by Lari Hotari on Mar 12

Affected versions:

– Apache Pulsar 2.4.0 before 2.10.6
– Apache Pulsar 2.11.0 before 2.11.4
– Apache Pulsar 3.0.0 before 3.0.3
– Apache Pulsar 3.1.0 before 3.1.3
– Apache Pulsar 3.2.0 before 3.2.1

Description:

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the
function’s implementation is referenced by a URL. The supported URL schemes include „file“,…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert