Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability

Apache OpenWhisk is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.
Versions prior to Apache OpenWhisk 1.3.1 are vulnerable.


Bugtraq ID: 104913
Class: Unknown
CVE: CVE-2018-11757

Remote: Yes
Local: No
Published: Jul 23 2018 12:00AM
Updated: Jul 23 2018 12:00AM
Credit: PureSec
Vulnerable: Apache OpenWhisk 1.3

Not Vulnerable: Apache OpenWhisk 1.3.1


The researcher has created a functional exploit to demonstrate the issue. Please see the references for more information.

Related Posts