6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
8.3%
pulsar-proxy is vulnerable to denial of service. The vulnerability exists because the library does not properly limit the proxy broker connections in pulsar proxy functionality, allowing an attacker to crash the application by making TCP/IP connection attempts.
CPE | Name | Operator | Version |
---|---|---|---|
pulsar proxy | le | 2.8.2 | |
pulsar proxy | le | 2.10.1 | |
pulsar proxy | le | 2.9.1 | |
pulsar proxy | le | 2.7.4 | |
pulsar proxy | le | 2.8.2 | |
pulsar proxy | le | 2.10.1 | |
pulsar proxy | le | 2.9.1 | |
pulsar proxy | le | 2.7.4 |
github.com/advisories/GHSA-3mg9-m3f6-v7fq
github.com/apache/pulsar/commit/3d2e6ce84b6e69667a1c2095b766d9941a258b61
github.com/apache/pulsar/commit/b3bac91a74ad0e9358c0d5c12f87b89166276c67
github.com/apache/pulsar/commit/be806ea68e69ced4408370581496ca1a583526f3
github.com/apache/pulsar/pull/14078
lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
8.3%