Apache OpenWhisk is a serverless, open source cloud platform that executes functions in response to events at any scale. OpenWhisk is a cloud-first distributed event-based programming service. It provides a programming model to upload event handlers to a cloud service, and register the handlers to respond to various events.

PureSec recently discovered that under certain conditions (specified below), a remote attacker may overwrite the source code of the action (serverless function) being executed and influence subsequent executions of the same function in the same container.