
35 matches found

EUVD
added 2025/10/03 8:7 p.m., views: 1

EUVD-2024-0895

Malicious code in bioql PyPI...

CVSS: 8.2, AI score: 8.2, EPSS: 0.00052
Exploits: 0, References: 6

RedhatCVE
added 2025/05/23 5:18 a.m., views: 2

CVE-2023-30429

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...

CVSS: 9.6, AI score: 7.1, EPSS: 0.00078
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:10 p.m., views: 4

CVE-2022-24280

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP addre...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00224
Exploits: 0, References: 1

Veracode
added 2024/03/13 10:33 a.m., views: 23

Improper Authentication

Apache Pulsar Proxy is vulnerable to Improper Authentication. The vulnerability is caused by missing authorization checks in the /proxy-stats endpoint. This can lead to unauthorized access to this sensitive endpoint, allowing attackers to view detailed connection statistics and potentially...

CVSS: 8.2, AI score: 6.6, EPSS: 0.00052
Exploits: 0, References: 7, Affected Software: 1

vulnersOsv
added 2024/03/12 9:30 p.m., views: 0

org.apache.pulsar:pulsar-server-distribution (=3.1.0) potentially affected by CVE-2022-34321 via org.apache.pulsar:pulsar-proxy (=3.1.0)

org.apache.pulsar:pulsar-proxy MAVEN version =3.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-proxy and may be impacted: - org.apache.pulsar:pulsar-server-distribution =3.1.0 Source cves: CVE-2022-34321 Source advisory:...

CVSS: 8.2, AI score: 7.2, EPSS: 0.00052
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., views: 1

org.apache.pulsar:pulsar-server-distribution (>=2.11.0 <=2.11.2) potentially affected by CVE-2022-34321 via org.apache.pulsar:pulsar-proxy (>=2.11.0 <=2.11.2)

org.apache.pulsar:pulsar-proxy MAVEN version =2.11.0, =2.11.0, =2.11.2 Source cves: CVE-2022-34321 Source advisory: OSV:GHSA-C35H-W8HJ-MM55...

CVSS: 8.2, AI score: 7.2, EPSS: 0.00052
Exploits: 0

vulnersOsv
added 2024/03/12 9:30 p.m., views: 2

org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2022-34321 via org.apache.pulsar:pulsar-proxy (>=3.0.0 <=3.0.17)

org.apache.pulsar:pulsar-proxy MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2022-34321 Source advisory: OSV:GHSA-C35H-W8HJ-MM55...

CVSS: 8.2, AI score: 7.2, EPSS: 0.00052
Exploits: 0

OSV
added 2024/03/12 9:30 p.m., views: 0

GHSA-C35H-W8HJ-MM55 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00052
Exploits: 0, References: 5

Prion
added 2024/03/12 7:15 p.m., views: 29

Authentication flaw

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

CVSS: 6.4, AI score: 7.1, EPSS: 0.00052
Exploits: 0, References: 2

vulnersOsv
added 2023/12/20 9:30 a.m., views: 1

com.clever-cloud:biscuit-pulsar (=3.2.1), com.github.shoothzj:test-pulsar (>=3.1.12 <=3.1.15) +12 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (>=1.19.0-incubating <=2.10.4)

org.apache.pulsar:pulsar-websocket MAVEN version =1.19.0-incubating, =3.1.12, =0.0.1, =2.0.0-rc1-incubating, =1.19.0-incubating, =1.19.0-incubating, =2.10.0, =2.10.0, =2.0.0-rc1-incubating, =2.10.0, =2.10.0, =1.19.0-incubating, =1.0.0, =1.1.0 Source cves: CVE-2023-37544 Source advisory:...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00067
Exploits: 0

Veracode
added 2023/07/14 5:40 a.m., views: 26

Improper Authentication

org.apache.pulsar:pulsar-broker is vulnerable to Improper Authentication. When authenticateOriginalAuthData is set to false, the clients may continue to connect to a broker even after the authentication data has expired if they used Pulsar Proxy or a specifically designed connect command...

CVSS: 6.5, AI score: 7, EPSS: 0.00073
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2023/07/13 2:49 a.m., views: 23

Incorrect Authorization

org.apache.pulsar is vulnerable to Incorrect Authorization. The vulnerability exists because the worker incorrectly performs authorization by using the proxy's role for authorization instead of the client's role when a client connects to the Pulsar function worker via a Pulsar Proxy, which can...

CVSS: 9.6, AI score: 6.8, EPSS: 0.00078
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2023/07/12 12:31 p.m., views: 1

GHSA-47R2-PHR8-M8CP Apache Pulsar Broker Improper Authentication vulnerability

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00073
Exploits: 0, References: 3

Prion
added 2023/07/12 10:15 a.m., views: 16

Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS: 5.5, AI score: 7.9, EPSS: 0.00114
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/07/12 9:10 a.m., views: 18

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS: 8.2, AI score: 6.7, EPSS: 0.00114
Exploits: 0, References: 1

Cvelist
added 2023/07/12 9:10 a.m., views: 15

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS: 8.2, AI score: 8.3, EPSS: 0.00114
Exploits: 0, References: 1

RedHat Linux
added 2023/05/03 2:5 p.m., views: 2

Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00177
Exploits: 0, References: 4

Veracode
added 2022/09/27 2:42 a.m., views: 16

Denial Of Service (DoS)

pulsar-proxy is vulnerable to denial of service. The vulnerability exists because the library does not properly limit the proxy broker connections in pulsar proxy functionality, allowing an attacker to crash the application by making TCP/IP connection attempts...

CVSS: 6.5, AI score: 6, EPSS: 0.00224
Exploits: 0, References: 6, Affected Software: 1

vulnersOsv
added 2022/09/25 12:0 a.m., views: 1

org.apache.pulsar:distribution (>=2.0.0-rc1-incubating <=2.0.1-incubating), org.apache.pulsar:pulsar-docker-image (>=2.0.0-rc1-incubating <=2.7.4) +1 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-proxy (>=2.0.0-rc1-incubating <=2.7.4)

org.apache.pulsar:pulsar-proxy MAVEN version =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.1.0-incubating, =2.11.4 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...

CVSS: 5.9, AI score: 6.2, EPSS: 0.00223
Exploits: 0

vulnersOsv
added 2022/09/25 12:0 a.m., views: 1

org.apache.pulsar:pulsar-server-distribution (>=2.9.0 <=2.9.2) potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-proxy (>=2.9.0 <=2.9.2)

org.apache.pulsar:pulsar-proxy MAVEN version =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...

CVSS: 5.9, AI score: 6.2, EPSS: 0.00223
Exploits: 0