org.springframework.kafka/spring-kafka

Vulnerabilities (1)

• CVE-2023-34040Aug 24, 2023
  affected >= 2.8.1, < 2.9.11fixed 2.9.11

  In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception