7 matches found
Password Disclosure
akka-stream-kafka is vulnerable to Password Disclosure. The vulnerability exists because it does not redact the Consumer or Producer properties in logs, which allows an attacker to read credentials as plaintext through the akka.kafka.internal.KafkaConsumerActor when debug logging is enabled...
com.github.arielf-camacho:kafka-utils_2.12 (>=1.0.1 <=1.0.3), com.github.j5ik2o:akka-persistence-dynamodb-kafka-write-adaptor_2.12 (=1.1.0) +56 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.12 (>=0.13 <=4.0.1)
com.typesafe.akka:akka-stream-kafka2.12 MAVEN version =0.13, =1.0.1, =1.0.1, =2.0.5, =1.0.0, =0.3, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.6.8-RC1 and more Source cves:...
com.typesafe.akka:akka-stream-kafka-cluster-sharding_3 (=4.0.1), com.typesafe.akka:akka-stream-kafka-testkit_3 (=4.0.1) potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_3 (=4.0.1)
com.typesafe.akka:akka-stream-kafka3 MAVEN version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-stream-kafka3 and may be impacted: - com.typesafe.akka:akka-stream-kafka-cluster-sharding3 =4.0.1 -...
com.github.j5ik2o:akka-persistence-dynamodb-kafka-write-adaptor_2.11 (=1.1.0), com.github.j5ik2o:akka-persistence-kafka_2.11 (>=1.0.4 <=1.0.5) +1 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.11 (>=2.0.0 <=2.0.7)
com.typesafe.akka:akka-stream-kafka2.11 MAVEN version =2.0.0, =1.0.4, =2.0.0, =2.0.7 Source cves: CVE-2023-29471 Source advisory: OSV:GHSA-55VQ-XPJF-R2XC...
com.lightbend.lagom:lagom-javadsl-integration-client_2.11 (>=1.5.0 <=1.5.5), com.lightbend.lagom:lagom-javadsl-kafka-broker_2.11 (>=1.5.0 <=1.5.5) +7 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.11 (>=1.0 <=1.1.0)
com.typesafe.akka:akka-stream-kafka2.11 MAVEN version =1.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.0, =1.1.0-RC2 Source cves: CVE-2023-29471 Source advisory: OSV:GHSA-55VQ-XPJF-R2XC...
com.adendamedia:cornucopia_2.11 (>=0.5.0 <=0.6.2), com.deciphernow:franz_2.11 (=1.0.0) +17 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.11 (>=0.11-M2 <=0.22)
com.typesafe.akka:akka-stream-kafka2.11 MAVEN version =0.11-M2, =0.5.0, =2.0.5, =0.1.3, =1.0.0, =1.2.0, =1.2.0, =1.2.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.4.9, =1.4.15 - de.nierbeck.floating.data:akka-ingest2.11 =0.1.1 - de.nierbeck.floating.data:akka-server2.11 =0.1.1 and more Source cves:...
biz.lobachev.annette:application_2.13 (>=0.1.2 <=0.3.0), biz.lobachev.annette:attributes_2.13 (>=0.1.2 <=0.2.5) +71 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.13 (>=1.0.4 <=4.0.1)
com.typesafe.akka:akka-stream-kafka2.13 MAVEN version =1.0.4, =0.1.2, =0.1.2, =0.1.2, =0.3.0, =0.1.2, =0.1.2, =0.3.0, =0.3.0, =1.0.1, =22.10.0, =0.1.6, =0.1, =0.0.0-NIGHTLY01122020, =back-to-core-SNAPSHOT-4 and more Source cves: CVE-2023-29471 Source advisory: OSV:GHSA-55VQ-XPJF-R2XC...