Improper Input Validation Affecting kafka-fips-4.2 package, versions <4.2.1-r0


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.16% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CHAINGUARDLATEST-KAFKAFIPS42-17037041
  • published29 May 2026
  • disclosed5 Mar 2026

Introduced: 5 Mar 2026

CVE-2025-11143  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade Chainguard kafka-fips-4.2 to version 4.2.1-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kafka-fips-4.2 package and not the kafka-fips-4.2 package as distributed by Chainguard. See How to fix? for Chainguard relevant fixed versions and status.

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

CVSS Base Scores

version 3.1