CVE-2025-14986
- EPSS 0.02%
- Veröffentlicht 30.12.2025 20:17:47
- Zuletzt bearbeitet 31.12.2025 20:42:43
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationR...
CVE-2025-14987
- EPSS 0.02%
- Veröffentlicht 30.12.2025 20:16:20
- Zuletzt bearbeitet 31.12.2025 20:42:43
When system.enableCrossNamespaceCommands is enabled (on by default), the Temporal server permits certain workflow task commands (e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution) to target a di...
CVE-2024-2689
- EPSS 0.07%
- Veröffentlicht 03.04.2024 22:15:07
- Zuletzt bearbeitet 27.08.2025 21:15:44
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If l...
CVE-2023-3485
- EPSS 0.02%
- Veröffentlicht 30.06.2023 18:15:10
- Zuletzt bearbeitet 21.11.2024 08:17:22
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of...