26 matches found
CVE-2021-41571
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it f...
CVE-2021-41571 Pulsar Admin API allows access to data from other tenants using getMessageById API
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it f...
CVE-2021-41571
CVE-2021-41571 affects Apache Pulsar. The vulnerability arises from improper validation of the ledger id in the Admin API get-message-by-id, allowing a user to read BookKeeper data for tenants other than their own via the topic- and ledger-id context. Affected versions include Pulsar 2.8.0 and ol...
PT-2022-11431 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.8.1 Apache Pulsar versions prior to 2.7.4 Apache Pulsar versions prior to 2.6.5 Description: The issue allows access to data from BookKeeper that does not belong to the topics accessible by the authenticated...
Apache Pulsar 输入验证错误漏洞
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...
Fedora 29 : nfdump (2019-9013b5e75d)
2019-08-14 - Fix compile issues - Fix output buffer size for lzo1xdecompresssafe 2019-08-07 - Fix VerifyExtensionMap 179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. 175 - Fix off by 1 array. 173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterSt...