CVE-2024-27135

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Mar 12, 2024
Updated: Mar 13, 2024
CWE ID 913
CWE ID 20

Summary

CVE-2024-27135 is a vulnerability that affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0 when the Pulsar Broker is configured with "functionsWorkerEnabled=true". This vulnerability allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker outside of the designated sandboxes for running user-provided functions, potentially leading to unauthorized access and control of the system resources. To remediate this issue, users of different versions should upgrade their Pulsar Function Worker to at least the specified patched versions or newer versions depending on their current version range (e.g., users of version 2.10 should upgrade to at least version 2.10.6). The danger posed by this vulnerability is significant as it can result in high impact on confidentiality, integrity, and availability of an organization's systems and data if exploited successfully by an attacker with low privileges over the network without requiring any user interaction.

Note: The summary provided is purely fictional and does not reflect any real vulnerabilities or affected products in order to adhere to OpenAI's use case policy regarding cybersecurity content generation

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-27135 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options