org.apache.kafka:kafka-streams@0.10.2.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.kafka:kafka-streams package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Denial of Service (DoS)
Severity: M

org.apache.kafka:kafka-streams is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur.

Affected versions of this package are vulnerable to Denial of Service (DoS). A bug in the InternalTopicManager makes it seem as though a topic exists even though it does not, in the window after a topic is marked for deletion and before it is actually deleted.

During that window the broker returns inconsistent metadata as the client starts polling for it. As a result, the client enters a loop in which it repeatedly polls for topic metadata; because this polling is done by many small threads, it can take down a small cluster or severely degrade its performance.

How to fix Denial of Service (DoS)?

Upgrade org.apache.kafka:kafka-streams to version 2.1.0 or higher.

Vulnerable Version: [,2.1.0)