26 matches found
CLEANSTART-2026-LO22603 Security fixes for CVE-2024-13009, CVE-2024-6763, CVE-2025-12383, CVE-2025-5115, CVE-2026-1225, CVE-2026-24281, CVE-2026-24308, CVE-2026-34479, CVE-2026-41409, CVE-2026-41635, CVE-2026-42778, CVE-2026-42779, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-vc5p-v9hr-52mj applied in versions: 7.7.7-r0, 7.7.8-r0, 7.7.8-r1, 7.9.6-r0, 8.1.2-r0
Multiple security vulnerabilities affect the schema-registry package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-61673
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673
Karapace is an open-source Kafka REST and Schema Registry implementation. Affected versions 5.0.0 and 5.0.1 contain an authentication bypass when OAuth 2.0 Bearer Token authentication is configured: if a request arrives without an Authorization header, the token validation logic is skipped entire...
EUVD-2025-32431
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
Karapace 访问控制错误漏洞
Karapace is an open source message queuing tool from Aiven Open. An access control error vulnerability exists in Karapace versions 5.0.0 and 5.0.1, which stems from skipping token validation logic when a request is missing the Authorization header, which could lead to unauthenticated users readin...
PT-2025-40602
Name of the Vulnerable Software and Affected Versions Karapace versions 5.0.0 through 5.0.1 Description Karapace, an open-source implementation of Kafka REST and Schema Registry, has an issue where authentication checks are bypassed when OAuth 2.0 Bearer Token authentication is enabled...
Logstash 8.15.3 Security Update (ESA-2024-38)
Logstash affected by CVE-2024-47561 in Apache Avro ESA-2024-38 On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry...
Malicious code in logstash-codec-avro-schema_registry (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Updates on Spring Cloud Stream 4.0.0 Schema Registry Support
This blog gives an update on the Schema Registry support that is part of Spring Cloud Stream version 4.0.x. Many enterprises use a schema registry for schema evolution use cases, such as the Confluent Schema Registry. Starting with version 1.1.x of Spring Cloud Stream until 3.0.0, we provided a...
Malicious code in azure-schema-registry-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 88a72b71ca48e96c680dd314733c290457a41ccb6bfc94e1fec0e5ccbc390fc3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-schema-registry-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af36c5bd9bf5360c7c6a55c0d30ada65c57855871fa975f43b44d344252a0999 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-schema-registry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7239e76ddb4f76c58831d67f5b00cd12ddfa0885130a183f98b0e108f228348e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1369 Malicious code in azure-schema-registry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7239e76ddb4f76c58831d67f5b00cd12ddfa0885130a183f98b0e108f228348e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-schema-registry-avro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25017be6d6a61569e0ed350140bf9b3dbbe967f00da6fba0b1a4ad7894b80c39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1370 Malicious code in azure-schema-registry-avro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25017be6d6a61569e0ed350140bf9b3dbbe967f00da6fba0b1a4ad7894b80c39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1371 Malicious code in azure-schema-registry-avro-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 81cabaa760a2171a8d6fb5b5bb7a5dbeba89ea987e1b4658ae703b654ca646ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...