4 matches found
Denial Of Service (DoS)
org.apache.kafka, kafka-clients is vulnerable to Denial Of Service DoS. The vulnerability is due to insecure SASL JAAS JndiLoginModule configuration in the Kafka Connect API and brokers, which allows attackers with AlterConfigs permission to exploit the system...
Apache Kafka Deserialization of Untrusted Data vulnerability
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
Deserialization of Untrusted Data
Overview org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Deserialization of...
CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...