Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability

Apache OpenWhisk is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.


Bugtraq ID: 104915
Class: Input Validation Error
CVE: CVE-2018-11756

Remote: Yes
Local: No
Published: Jul 23 2018 12:00AM
Updated: Jul 23 2018 12:00AM
Credit: Yuri Shapira and Ory Segal of PureSec.
Vulnerable: Apache OpenWhisk 1.0

Not Vulnerable: Apache OpenWhisk 1.0.2
Apache OpenWhisk 1.0.1


The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.

Related Posts