Server-side Request Forgery (SSRF)
Overview: org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Server-side Request...
Deserialization of Untrusted Data
Overview: org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Deserialization of...
PT-2023-25663 · Nettle · Nettle
Name of the Vulnerable Software and Affected Versions: Nettle versions 3.9 through 3.9.0
Description: The issue allows memory corruption due to a problem in the OCB feature in libnettle.
Recommendations: For versions 3.9 through 3.9.0, update to version 3.9.1 or later to resolve the issue...
PT-2021-14684 · Jenkins · Jenkins Promoted Builds Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Promoted Builds Plugin versions 3.9 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to promote builds. This issue arises because the plugin does not require POST requests for HTTP endpoints...