Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gv4t-4jqv-97dn

Summary

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".

This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 

2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.
2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.
3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.
3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.
3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.

Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

Aliases

alias	CVE-2024-27135

alias	GHSA-xp2r-g8qq-44hh

Fixed_packages

url	pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.6
purl	pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.6

url	pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.4
purl	pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.4

url	pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.3
purl	pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.3

url	pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.3
purl	pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.3

url	pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.2.1
purl	pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.2.1

Affected_packages

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.4.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.5.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.3

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.3

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.4

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.6.4

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.3

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.3

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.4

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.4

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.5

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.7.5

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.3

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.3

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.4

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.8.4

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.3

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.3

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.4

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.4

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.5

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.9.5

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.3

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.3

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.4

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.4

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.5

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.10.5

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-djfv-xpuk-93hq

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.3

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@2.11.3

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.0.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.0

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.1

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.1

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.2

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.1.2

url pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.2.0

purl pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w5c-ywtc-vug9

vulnerability	VCID-dw5y-7r9b-rqgz

vulnerability	VCID-gv4t-4jqv-97dn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar-functions-worker@3.2.0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27135.json

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27135.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27135

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25463
published_at	2026-06-13T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25446
published_at	2026-06-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25249
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27135

reference_url

https://github.com/apache/pulsar

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/pulsar

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2269254
reference_id	2269254
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2269254

reference_url

http://www.openwall.com/lists/oss-security/2024/03/12/9

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-13T14:22:47Z/

url

http://www.openwall.com/lists/oss-security/2024/03/12/9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-27135

reference_id

CVE-2024-27135

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-27135

reference_url

https://pulsar.apache.org/security/CVE-2024-27135

reference_id

CVE-2024-27135

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pulsar.apache.org/security/CVE-2024-27135

reference_url

https://pulsar.apache.org/security/CVE-2024-27135/

reference_id

CVE-2024-27135

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-13T14:22:47Z/

url

https://pulsar.apache.org/security/CVE-2024-27135/

reference_url

https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn

reference_id

dh8nj2vmb2br6thjltq74lk9jxkz62wn

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-13T14:22:47Z/

url

https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn

reference_url

https://github.com/advisories/GHSA-xp2r-g8qq-44hh

reference_id

GHSA-xp2r-g8qq-44hh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xp2r-g8qq-44hh

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	913
name	Improper Control of Dynamically-Managed Code Resources
description	The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gv4t-4jqv-97dn

Vulnerability Instance