Improper Input Validation Affecting org.apache.pulsar:pulsar-proxy package, versions [,2.7.5) [2.8.0,2.8.3) [2.9.0,2.9.2)



    Attack Complexity High
    Availability High
Expand this section
6.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • published 23 Sep 2022
  • disclosed 23 Sep 2022
  • credit Lari Hotari

How to fix?

Upgrade org.apache.pulsar:pulsar-proxy to version 2.7.5, 2.8.3, 2.9.2 or higher.


Affected versions of this package are vulnerable to Improper Input Validation by allowing an attacker to send TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy.


To address the issue, upgraded versions of Apache Pulsar Proxy will only allow connections to known broker ports 6650 and 6651 by default. In addition, it is necessary to limit proxied broker connections further to known broker addresses by specifying brokerProxyAllowedHostNames and brokerProxyAllowedIPAddresses Pulsar Proxy settings. In Pulsar Helm chart deployments, the setting names should be prefixed with "PULSAR_PREFIX_".