org.apache.kafka:kafka-clients@2.3.0 vulnerabilities
-
latest version
3.7.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
2 months ago
-
licenses detected
- [0.8.2-beta,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.kafka:kafka-clients package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when there are gadgets in the Note: Exploitation requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol. How to fix Deserialization of Untrusted Data? Upgrade |
[2.3.0,3.4.0)
|
org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use How to fix Timing Attack? Upgrade |
[2.8.0,2.8.1)
[,2.7.2)
|