Lucene search
K

4 matches found

Veracode
Veracode
added 2025/06/12 7:43 a.m.9 views

Denial Of Service (DoS)

org.apache.kafka, kafka-clients is vulnerable to Denial Of Service DoS. The vulnerability is due to insecure SASL JAAS JndiLoginModule configuration in the Kafka Connect API and brokers, which allows attackers with AlterConfigs permission to exploit the system...

7.5CVSS7.4AI score0.00878EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2025/06/10 9:30 a.m.25 views

Apache Kafka Deserialization of Untrusted Data vulnerability

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

8.8CVSS7.7AI score0.95302EPSS
Exploits8References4Affected Software8
Snyk
Snyk
added 2025/06/10 7:54 a.m.3 views

Deserialization of Untrusted Data

Overview org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Deserialization of...

8.8CVSS7.9AI score0.00878EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/10 7:54 a.m.88 views

CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

0.00878EPSS
Exploits0References1
Rows per page
Query Builder