org.apache.pulsar:pulsar-functions-worker (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.pulsar:pulsar-functions-worker, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2024-27135 — CVSS 8.5 (high): Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar…
CVE-2024-27894 — CVSS 8.5 (high): The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation…
CVE-2024-27317 — CVSS 8.4 (high): In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted…
CVE-2023-37579 — CVSS 8.2 (high): Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before…