Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nuclio Shell Runtime Command Injection Leading to Privilege Escalation
Vulnerability Description
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the X-Nuclio-Arguments header and directly incorporates its value into shell commands without any validation or sanitization. This issue has been patched in version 1.15.20.
CVSS Information
N/A
Vulnerability Type
特殊命令到另一不同平面时的净化处理不恰当(特殊命令注入)
Vulnerability Title
Nuclio 安全漏洞
Vulnerability Description
Nuclio是nuclio开源的一个数据处理框架 Nuclio 1.15.20之前版本存在安全漏洞,该漏洞源于Shell Runtime组件在处理用户提供的参数时存在命令注入,可能导致通过X-Nuclio-Arguments标头执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A