Improper Authentication

org.apache.pulsar:pulsar-broker is vulnerable to Improper Authentication. When authenticateOriginalAuthData is set to false, the clients may continue to connect to a broker even after the authentication data has expired if they used Pulsar Proxy or a specifically designed connect command...

Incorrect Authorization

org.apache.pulsar is vulnerable to Incorrect Authorization. The vulnerability exists because the worker incorrectly performs authorization by using the proxy's role for authorization instead of the client's role when a client connects to the Pulsar function worker via a Pulsar Proxy, which can...

club.callmee:spring-boot-pulsar-starter-client (>=2.10.0-11-1 <=2.10.0-11-3), cn.starlight-software:sherly-pulsar (=2.0.6) +284 more potentially affected by CVE-2022-33681 via org.apache.pulsar:pulsar-client (>=1.19.0-incubating <=2.7.4)

org.apache.pulsar:pulsar-client MAVEN version =1.19.0-incubating, =2.10.0-11-1, =0.0.2, =0.0.1, =0.0.1, =2.8.2, =2.8.2, =2.8.2, =2.8.2, =v2.8.2 - com.clever-cloud.pulsar4s:pulsar4s-avro3 =2.9.0 and more Source cves: CVE-2022-33681 Source advisory: OSV:GHSA-C5FP-X2H5-VJV7...