6 matches found
club.callmee:spring-boot-pulsar-starter-client (>=2.10.0-11-1 <=2.10.0-11-3), com.datastax.astra:astra-sdk (>=0.3.1 <=0.3.3) +34 more potentially affected by CVE-2022-33681 via org.apache.pulsar:pulsar-client (=2.10.0)
org.apache.pulsar:pulsar-client MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-client and may be impacted: - club.callmee:spring-boot-pulsar-starter-client =2.10.0-11-1, =0.3.1, =0.3.1, =0.3.1, =1.0.5,...
club.callmee:spring-boot-pulsar-starter-client (>=2.10.0-11-1 <=2.10.0-11-3), cn.starlight-software:sherly-pulsar (=2.0.6) +284 more potentially affected by CVE-2022-33681 via org.apache.pulsar:pulsar-client (>=1.19.0-incubating <=2.7.4)
org.apache.pulsar:pulsar-client MAVEN version =1.19.0-incubating, =2.10.0-11-1, =0.0.2, =0.0.1, =0.0.1, =2.8.2, =2.9.0, =2.8.2, =2.9.0, =v2.8.2 - com.clever-cloud.pulsar4s:pulsar4s-avro3 =2.9.0 and more Source cves: CVE-2022-33681 Source advisory: OSV:GHSA-C5FP-X2H5-VJV7...
CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
CVE-2022-33681
CVE-2022-33681 describes a vulnerability in the Apache Pulsar Java Client and Pulsar Proxy where delayed TLS hostname verification allows a MITM to capture authentication data. Affected software (from the provided docs) includes Apache Pulsar Java Client versions: 2.7.0–2.7.4; 2.8.0–2.8.3; 2.9.0–...
CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...