11 matches found
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component outputs entire request and response information to the logs at the DEBUG log level. By default, the log level is set to INFO. If the DEBUG level is enabled, the sensitive information wi...
com.github.sakserv:hadoop-mini-clusters-kafka (>=0.1.1 <=0.1.3), com.n3twork.druid:druid-kafka-eight (=0.6.105-hadoop2.4.0) +22 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.9.2 (>=0.8.0-beta1 <=0.8.2.2)
org.apache.kafka:kafka_2.9.2 MAVEN version =0.8.0-beta1, =0.1.1, =2.0.0-DP1, =2.0.0-rc.1, =1.4.0, =0.9.1, =1.0.0, =0.1, =1.0, =2.6.3.1, =0.0.1, =2.3.2, =0.8.0, =2.5.0, =2.11.0 and more Source cves: CVE-2025-27819 Source advisory: OSV:GHSA-MCWH-C9PG-XW43...
ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc-kafka-pipeline-plugin_2.11 (>=1.0.0 <=1.4.0) +224 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.11 (>=2.0.0 <=2.4.1)
org.apache.kafka:kafka_2.11 MAVEN version =2.0.0, =0.0.13, =1.0.0, =1.14.0, =2.8.0, =3.0.0-M1 - com.daasyyds.presto:daasyyds-hive-connector-patch =0.276.1-202209.1 and more Source cves: CVE-2025-27819 Source advisory: OSV:GHSA-MCWH-C9PG-XW43...
cn.herodotus.engine:message-spring-boot-starter (>=2.7.3.4 <=3.0.0-M2), com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1) +232 more potentially affected by CVE-2025-27818 via org.apache.kafka:kafka_2.13 (>=2.4.0 <=3.9.0)
org.apache.kafka:kafka_2.13 MAVEN version =2.4.0, =2.7.3.4, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.7.4-SNAPSHOT-35e64fa - com.bisnode.kafka.authorizat...
This Week in Spring - February 25th, 2025
Hi, Spring fans, and welcome to another rip-roarin' installment of This Week in Spring! Later today I'll board a plane for magnificent Montreal, Canada for the amazing Confoo conference! I'm super excited! Good news everybody! Spring Boot 3.5.0-M2 is now available! In last week's installment of t...
ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc-kafka-pipeline-plugin_2.11 (>=1.0.0 <=1.4.0) +569 more potentially affected by CVE-2024-56128 via org.apache.kafka:kafka_2.11 (>=0.10.2.0 <=2.4.1)
org.apache.kafka:kafka_2.11 MAVEN version =0.10.2.0, =0.0.13, =1.0.0, =1.14.0, =1.0.0, =5.1.0, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =blink-3.2.0, =blink-3.2.0, =1.1.1, =1.1.4 - com.alibaba.otter:canal.kafka =1.1.0 and more Source cves: CVE-2024-56128 Source advisory: OSV:GHSA-P7C9-8XX8-H74F...
cn.herodotus.engine:event-message-spring-boot-starter (=3.0.1.0), com.brihaspathee.zeus:account-processor (>=1.0.0 <=1.0.1) +42 more potentially affected by CVE-2023-34040 via org.springframework.kafka:spring-kafka (>=3.0.0 <=3.0.1)
org.springframework.kafka:spring-kafka MAVEN version =3.0.0, =1.0.0, =2.0.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.2 and more Source cves: CVE-2023-34040 Source advisory: OSV:GHSA-CRQF-Q9FP-HWJW...
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
ai.databand.azkaban:azkaban-exec-server (=3.18.0), ai.grakn:grakn-dist (>=0.10.0 <=0.15.0) +809 more potentially affected by CVE-2017-12610 via org.apache.kafka:kafka-clients (>=0.10.0.0 <=0.10.2.1)
org.apache.kafka:kafka-clients MAVEN version =0.10.0.0, =0.10.0, =0.10.0, =0.10.0, =0.2, =1.0.0, =1.1.10, =1.2.0 and more Source cves: CVE-2017-12610 Source advisory: OSV:GHSA-XM78-4M3G-7WM7...
com.madewithtea:mockedstreams_2.12 (=3.9.0), io.github.embeddedkafka:embedded-kafka-connect_2.12 (=2.7.0) +5 more potentially affected by CVE-2021-38153 via org.apache.kafka:kafka_2.12 (>=2.7.0 <=2.7.1)
org.apache.kafka:kafka_2.12 MAVEN version =2.7.0, =0.7.0, =0.7.0, =2.35.5, =2.36.3 Source cves: CVE-2021-38153 Source advisory: OSV:GHSA-3J6G-HXX5-3Q26...
kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss...