org.apache.pulsar:pulsar-broker@3.2.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.pulsar:pulsar-broker package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Improper Authorization (Snyk severity: M, Medium)

Affected versions of this package are vulnerable to Improper Authorization in namespace and topic management endpoints. An attacker with produce or consume permissions can perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction, which should be restricted to users with the tenant admin role or superuser role.

Note: The vulnerability also allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user-provided metadata about the namespace.

How to fix Improper Authorization?

Upgrade org.apache.pulsar:pulsar-broker to version 3.0.4, 3.2.2 or higher.

Vulnerable versions: [2.7.1,3.0.4) and [3.1.0,3.2.2)