Apache Kafka Client: Arbitrary file read and SSRF vulnerability
Description
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or to send requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuration to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.
Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed URLs in the SASL JAAS configuration. In 3.9.1, it accepts all URLs by default for backward compatibility. However, in 4.0.0 and newer, the default value is an empty list and users have to set the allowed URLs explicitly.
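The version-dependent behaviour described above, modelled as an added audit script (not code from Apache Kafka or from this advisory): it lists connector configurations whose OAUTHBEARER endpoint URLs fall outside an operator-approved list and reports whether the client would reject them. The connector names, URLs and the functions `audit` and `client_enforces` are hypothetical; exact-string matching against the allowlist and plain dotted version strings are assumptions.

```python
"""Audit connector configs for OAUTHBEARER endpoint URLs outside an approved list."""

OAUTH_URL_KEYS = (
    "sasl.oauthbearer.token.endpoint.url",
    "sasl.oauthbearer.jwks.endpoint.url",
)


def parse_version(text):
    """Turn a plain dotted version such as '3.9.1' into (3, 9, 1)."""
    return tuple(int(part) for part in text.split(".")[:3])


def client_enforces(client_version, property_set):
    """Does this kafka-clients version restrict the two URLs, per the advisory?"""
    version = parse_version(client_version)
    if version < (3, 9, 1):
        return False         # the allowed.urls system property is not available
    if version < (4, 0, 0):
        return property_set  # property unset: all URLs accepted (compatibility)
    return True              # 4.0.0 and newer: property unset means an empty list


def audit(connectors, client_version, approved_urls, property_set):
    """Return (connector, key, url, verdict) for each URL that needs attention.

    Assumption: the client compares a configured URL with the allowlist
    entries by exact string match.
    """
    approved = {u.strip() for u in approved_urls.split(",") if u.strip()}
    enforced = client_enforces(client_version, property_set)
    effective = approved if property_set else set()
    findings = []
    for name, config in sorted(connectors.items()):
        for key, url in sorted(config.items()):
            # endswith() also matches Connect overrides such as producer.override.<key>
            if not key.endswith(OAUTH_URL_KEYS):
                continue
            if enforced and url not in effective:
                findings.append((name, key, url, "rejected-by-client"))
            elif not enforced and url not in approved:
                findings.append((name, key, url, "accepted-unreviewed"))
    return findings


# Constructed sample data: connector names, hosts and URLs are made up.
APPROVED = "https://idp.example.com/oauth2/token,https://idp.example.com/jwks"
CONNECTORS = {
    "orders-sink": {
        "producer.override.sasl.oauthbearer.token.endpoint.url":
            "https://idp.example.com/oauth2/token",
    },
    "tenant-upload": {
        "consumer.override.sasl.oauthbearer.jwks.endpoint.url":
            "http://metadata.internal.example/keys",
    },
}

if __name__ == "__main__":
    for version, prop in (("3.8.0", False), ("3.9.1", False), ("3.9.1", True), ("4.0.0", False)):
        print(version, prop, audit(CONNECTORS, version, APPROVED, prop))
```

An `accepted-unreviewed` verdict marks a configuration the client would act on without any restriction, which is the case to resolve first by upgrading and setting the system property.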
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.kafka:kafka-clients (Maven) | >= 3.1.0, < 3.9.1 | 3.9.1 |
Affected products
References
- github.com/advisories/GHSA-vgq5-3255-v292 (advisory)
- kafka.apache.org/cve-list (vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-27817 (advisory)
- www.openwall.com/lists/oss-security/2025/06/09/1 (web)