
9 matches found

NVD
added 2026/06/10 12:16 a.m., 11 views

CVE-2026-41732

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

8.1 CVSS, 0.00347 EPSS
Exploits 0, References 1
CVE
added 2026/06/09 11:49 p.m., 34 views

CVE-2026-41732

CVE-2026-41732 affects Spring for Apache Pulsar due to JsonPulsarHeaderMapper using a prefix-based check on trusted packages, causing trust to cascade to subpackages. An empty trusted-packages config can default to trusting all packages. This exposes potential deserialization risk by allowing acc...

8.1 CVSS, 5.5 AI score, 0.00347 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/06/09 12:0 a.m., 16 views

PT-2026-48328

Name of the Vulnerable Software and Affected Versions: Spring for Apache Pulsar versions 1.1.0 through 1.1.17; Spring for Apache Pulsar versions 1.2.0 through 1.2.17; Spring for Apache Pulsar versions 2.0.0 through 2.0.5. Description: JsonPulsarHeaderMapper uses a prefix check to match type headers...

8.1 CVSS, 5.8 AI score, 0.00347 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-0948

Malicious code in bioql PyPI...

9.9 CVSS, 8.8 AI score, 0.56934 EPSS
Exploits 0, References 6
vulnersOsv
added 2025/04/09 12:30 p.m., 6 views

org.apache.pulsar:pulsar-io-distribution (>=2.3.0 <=2.7.5), org.apache.pulsar:pulsar-io-docs (>=2.3.0 <=2.7.5) potentially affected by CVE-2025-30677 via org.apache.pulsar:pulsar-io-kafka (>=2.3.0 <=2.7.5)

org.apache.pulsar:pulsar-io-kafka MAVEN version =2.3.0, =2.3.0, =2.3.0, =2.7.5 Source cves: CVE-2025-30677 Source advisory: SNYK:JAVA-ORGAPACHEPULSAR-9685318...

6.5 CVSS, 5.8 AI score, 0.00607 EPSS
Exploits 0
OSV
added 2024/03/12 7:15 p.m., 6 views

CVE-2024-27135

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is...

9.9 CVSS, 9.6 AI score, 0.05983 EPSS
Exploits 0, References 3
Cvelist
added 2024/03/12 6:17 p.m., 19 views

CVE-2022-34321 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2 CVSS, 8.3 AI score, 0.01765 EPSS
Exploits 0, References 3
vulnersOsv
added 2023/12/20 9:30 a.m., 4 views

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.1) +7 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (>=2.11.0 <=2.11.1)

org.apache.pulsar:pulsar-websocket MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.1 Source cves: CVE-2023-37544 Source advisory: OSV:GHSA-83Q5-WHQP-R8JR...

7.5 CVSS, 7.1 AI score, 0.01351 EPSS
Exploits 0
OSV
added 2023/07/12 12:31 p.m., 1 views

GHSA-74MC-G2XV-PCH2 Apache Pulsar Function Worker Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...

6.5 CVSS, 5.8 AI score, 0.0058 EPSS
Exploits 0, References 3