8 matches found
GHSA-5X3R-WRVG-RP6Q vulnerabilities
Vulnerabilities for packages: localstack, apache-nifi, elasticsearch, strimzi-kafka-operator-fips, camunda-zeebe, apache-camel-karavan-devmode, zipkin, trino, apache-pulsar, request-9047-keycloak-fips, camunda, elasticsearch-fips, knative-kafka-broker, management-api-for-apache-cassandra-4.0,...
CVE-2023-51437
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
CVE-2022-33682
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...
CVE-2024-28098
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...
Apache Pulsar security vulnerability
Apache Pulsar is a distributed message streaming platform from the Apache Software Foundation (United States) for cloud environments, combining messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication, and...
co.macrometa.c8streams.handlers:kop (>=2.7.1.5 <=2.7.1.6), com.clever-cloud:biscuit-pulsar (=3.2.1) +11 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-broker (>=1.19.0-incubating <=2.7.4)
org.apache.pulsar:pulsar-broker MAVEN version =1.19.0-incubating, =2.7.1.5, =3.1.12, =3.6, =3.6, =0.0.1, =2.0.0-rc1-incubating, =1.19.0-incubating, =2.4.0, =2.0.0-rc1-incubating, =2.1.0-incubating, =1.19.0-incubating, =1.0.0, =1.1.0 Source cves: CVE-2022-33683 Source advisory:...
club.callmee:spring-boot-pulsar-starter-client (>=2.10.0-11-1 <=2.10.0-11-3), com.datastax.astra:astra-sdk (>=0.3.1 <=0.3.3) +34 more potentially affected by CVE-2022-33681 via org.apache.pulsar:pulsar-client (=2.10.0)
org.apache.pulsar:pulsar-client MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-client and may be impacted: - club.callmee:spring-boot-pulsar-starter-client =2.10.0-11-1, =0.3.1, =0.3.1, =0.3.1, =1.0.5,...
The vulnerability in the cloud-based messaging and streaming platform Apache Pulsar lies in improper verification of a cryptographic signature. This allows attackers to gain unauthorized access to protected information.
The vulnerability in the cloud-based messaging and streaming platform Apache Pulsar is related to improper verification of a cryptographic signature. Exploiting this vulnerability can allow an unauthorized attacker to gain access to protected information...