2 matches found
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (=2.11.0) +4 more potentially affected by CVE-2023-37579 via org.apache.pulsar:pulsar-functions-worker (=2.11.0)
org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-functions-worker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
GHSA-JVF3-MFXV-JCQR Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...