CVE-2024-27317: Apache Pulsar: Pulsar Functions Worker’s Archive Extraction Vulnerability Allows Unauthorized File Modification

CVE-2024-27317: Apache Pulsar: Pulsar Functions Worker’s Archive Extraction Vulnerability Allows Unauthorized File Modification

Open Source Security [[{„value“:“

Posted by Lari Hotari on Mar 12

Affected versions:

– Apache Pulsar 2.4.0 before 2.10.6
– Apache Pulsar 2.11.0 before 2.11.4
– Apache Pulsar 3.0.0 before 3.0.3
– Apache Pulsar 3.1.0 before 3.1.3
– Apache Pulsar 3.2.0 before 3.2.1

Description:

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip
files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert