2 matches found
GHSA-C57V-4VG5-CM2X Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
PT-2023-30962
Name of the Vulnerable Software and Affected Versions Apache DolphinScheduler versions 3.0.0 through 3.0.1 Description The issue concerns the exposure of sensitive information to unauthorized actors, potentially including database credentials. This exposure can occur in Apache DolphinScheduler,...