Information Exposure Affecting org.apache.kafka:kafka package, versions [2.0.0,2.0.2) [2.1.0,2.1.2) [2.3.0,2.3.1)
15 Jan 2020
13 Jan 2020
How to fix?
Upgrade org.apache.kafka:kafka to version 2.0.2, 2.1.2, 2.3.1 or higher.
Affected versions of this package are vulnerable to Information Exposure. Any client can issue a request to the same Connect cluster to obtain the connector's task configuration, and the response will contain the plaintext secret rather than the externalised secret variables.
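One way to check a cluster for this behaviour is to compare saved responses from the Connect REST API. This is an added example, not code from the advisory or from Apache Kafka. It assumes the response shapes of `GET /connectors/{name}` and `GET /connectors/{name}/tasks` and the `${provider:path:key}` reference syntax; the connector name, keys and values are constructed.

```python
import json
import re

# Externalised-secret reference resolved by a Connect config provider,
# e.g. ${file:/opt/connect/secrets.properties:db.password}
PLACEHOLDER = re.compile(r"\$\{[^}:\s]+:[^}]+\}")

def exposed_keys(connector_config, tasks):
    """Map task number -> keys whose connector value is a placeholder but whose
    task value is not. Assumption: the connector hands these keys to its tasks
    under the same name. Only key names are returned, never the values."""
    externalised = [k for k, v in connector_config.items()
                    if PLACEHOLDER.search(str(v))]
    findings = {}
    for task in tasks:
        cfg = task.get("config", {})
        hits = sorted(k for k in externalised
                      if k in cfg and not PLACEHOLDER.search(str(cfg[k])))
        if hits:
            findings[task["id"]["task"]] = hits
    return findings

def audit(connector_json, tasks_json):
    """Compare a saved connector response with a saved tasks response."""
    return exposed_keys(json.loads(connector_json)["config"],
                        json.loads(tasks_json))

# Constructed sample responses (hypothetical connector name, keys and values).
REF = "${file:/opt/connect/secrets.properties:db.password}"
CONNECTOR_JSON = json.dumps({"name": "example-sink", "config": {
    "connection.url": "jdbc:postgresql://db.example.internal/app",
    "connection.password": REF}})
TASKS_RESOLVED_JSON = json.dumps([{"id": {"connector": "example-sink", "task": 0},
    "config": {"connection.url": "jdbc:postgresql://db.example.internal/app",
               "connection.password": "constructed-plaintext-value"}}])
TASKS_REFERENCE_JSON = json.dumps([{"id": {"connector": "example-sink", "task": 0},
    "config": {"connection.url": "jdbc:postgresql://db.example.internal/app",
               "connection.password": REF}}])

if __name__ == "__main__":
    print("resolved in task config:", audit(CONNECTOR_JSON, TASKS_RESOLVED_JSON))
    print("reference kept:", audit(CONNECTOR_JSON, TASKS_REFERENCE_JSON))
```

Any key this reports should be treated as disclosed and the underlying secret rotated after upgrading.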