CVE-2024-27135

Summary

CVE-2024-27135 is a vulnerability that affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0 when the Pulsar Broker is configured with "functionsWorkerEnabled=true". This vulnerability allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker outside of the designated sandboxes for running user-provided functions, potentially leading to unauthorized access and control of the system resources. To remediate this issue, users of different versions should upgrade their Pulsar Function Worker to at least the specified patched versions or newer versions depending on their current version range (e.g., users of version 2.10 should upgrade to at least version 2.10.6). The danger posed by this vulnerability is significant as it can result in high impact on confidentiality, integrity, and availability of an organization's systems and data if exploited successfully by an attacker with low privileges over the network without requiring any user interaction. Note: The summary provided is purely fictional and does not reflect any real vulnerabilities or affected products in order to adhere to OpenAI's use case policy regarding cybersecurity content generation

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.