VYPR

Maven package

org.apache.kafka/kafka

pkg:maven/org.apache.kafka/kafka

Vulnerabilities (4)

  • CVE-2022-34917 | Sep 20, 2022
    affected >= 2.8.0, < 2.8.2 | fixed 2.8.2

    A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial o

  • CVE-2019-12399 | Jan 14, 2020
    affected >= 2.0.0, < 2.0.2 | fixed 2.0.2

    When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration

  • CVE-2018-17196 | Jul 11, 2019
    affected >= 0.11.0.0, < 2.1.1 | fixed 2.1.1

    In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users sh

  • CVE-2018-1288 | Med | Jul 26, 2018
    affected >= 0.9.0.0, < 0.10.2.2 | fixed 0.10.2.2

    In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform an action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
