Apache OpenWhisk is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.
Information
Apache OpenWhisk 1.0.1
Exploit
The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.
References:
- Apache Homepage (Apache)
- [CVE] CVE-2018-11756 PHP Runtime for Apache OpenWhisk (Apache)
- PureSec Security Advisory (puresec.io)