CVE-2022-33684
- Source
- https://cve.org/CVERecord?id=CVE-2022-33684
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-33684.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-33684
- Aliases
- Published
- 2022-11-04T12:15:13.123Z
- Modified
- 2026-02-11T14:40:38.209029Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including clientid and clientsecret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions.
- References
-
- https://huntr.dev/bounties/df89b724-3201-47aa-b8cd-282e112a566f
- https://lists.apache.org/thread/ky1ssskvkj00y36k7nys9b5gm5jjrzwv
- https://huntr.dev/bounties/df89b724-3201-47aa-b8cd-282e112a566f
- https://lists.apache.org/thread/ky1ssskvkj00y36k7nys9b5gm5jjrzwv
- https://huntr.dev/bounties/df89b724-3201-47aa-b8cd-282e112a566f
- https://lists.apache.org/thread/ky1ssskvkj00y36k7nys9b5gm5jjrzwv
- https://huntr.dev/bounties/df89b724-3201-47aa-b8cd-282e112a566f
Affected packages
Git / github.com/apache/pulsar
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/pulsar
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
v2.*
v2.10.0
v2.10.0-candidate-5
v2.10.1
v2.10.1-candidate-1
v2.10.2-candidate-1
v2.10.2-candidate-2
v2.7.0
v2.7.0-candidate-2
v2.7.1
v2.7.1-candidate-1
v2.7.2
v2.7.2-candidate-1
v2.7.3
v2.7.3-candidate-1
v2.7.3-candidate-2
v2.7.4
v2.7.4-candidate-1
v2.7.4-candidate-2
v2.7.5-candidate-1
v2.7.5-candidate-2
v2.8.0
v2.8.0-candidate-3
v2.8.1
v2.8.1-candidate-1
v2.8.1-candidate-2
v2.8.1-candidate-3
v2.8.2
v2.8.2-candidate-1
v2.8.2-candidate-2
v2.8.3
v2.8.3-candidate-1
v2.8.3-candidate-2
v2.8.3-candidate-3
v2.8.3-candidate-4
v2.9.0
v2.9.0-candidate-4
v2.9.1
v2.9.1-candidate-1
v2.9.1-candidate-2
v2.9.2
v2.9.2-candidate-1
v2.9.2-candidate-2
v2.9.2-candidate-3
v2.9.2-candidate-4
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-33684.json"
vanir_signatures
[
{
"target": {
"file": "pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/StringSchemaTest.java"
},
"id": "CVE-2022-33684-018afd53",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"91299493241227289138219011890481713650",
"293218772531617950389975596110670759057",
"140077000497705656388338330869846976962",
"164395833436490618467481649205346938845",
"87072410201678472616001715298567322317",
"89200512575109241000101935683598983219",
"250460567596665958124478341582939894804",
"198180705343404395870584065502239851675",
"294495619462321533305764799670587196507",
"23716380403608855101694856944371042298",
"222280736005963480416220141900454631647",
"164395833436490618467481649205346938845",
"103407127692185112510822500503379797263",
"69845556192081712382847691371405411766",
"154565217289115847039917047427936741059",
"112181499091864473123113347345911281145"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/IntSchema.java"
},
"id": "CVE-2022-33684-0b0cac83",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"120180531927168030273330870341841465608",
"1802352699267687258845696030946178565",
"154367080893460698125699013501612136772",
"331800496060915253044013743870344172518",
"138463032092823247695023880102303991936",
"49768789874527134591743115113204225850",
"144549466109294967950254135746713195949"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client-cpp/lib/auth/AuthOauth2.cc",
"function": "ClientCredentialFlow::authenticate"
},
"id": "CVE-2022-33684-12259f2a",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/8eae5b8d572861e49c40d456b1f3cbc5d414afe1",
"digest": {
"function_hash": "277975139527168023542583758241860614296",
"length": 2292.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/ByteSchema.java"
},
"id": "CVE-2022-33684-1b190a04",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"243749633182857913887429195168062343065",
"197185635622926938513298947660734873244",
"194549953847456973187234002070514712940",
"238258146877006868377177260026094677945",
"163780234401669528272353462185489627747",
"86459475240984229038852772753609506556",
"98232164322292017208710250110348892507"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/DateSchema.java"
},
"id": "CVE-2022-33684-1f89b3f3",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"208925788192972487895328524267790615408",
"41872122816247914962358252656204441116",
"154807324759873900951547259801617244200",
"52899752285897179125560522475947745588",
"167797046975100294249413920524728424873",
"210824240728046225635592238488909737757",
"200539697147331918971892166376199438652"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/LocalDateSchema.java"
},
"id": "CVE-2022-33684-2318960b",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"52946736806071803826382092735853705779",
"101588252213583647289207509397439715613",
"171206648021249392794941859597596463288",
"168125485604857351593254216463248380921",
"218295309328474409725133139026345735382",
"26156066276272052862047938547867755559",
"105484062620966509236636547901655472634"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/FloatSchema.java"
},
"id": "CVE-2022-33684-33d699a0",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"289671782172750256001490698287054204719",
"65508458989669512366918442483881970899",
"115045567674337589287627491358169843006",
"84291760149949043533801866190760924780",
"240543810731989950781518414290576124352",
"245237136018331864047459032648561622825",
"301667977866025905681474814595769826557"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-common/src/main/java/org/apache/pulsar/client/impl/schema/SchemaInfoImpl.java"
},
"id": "CVE-2022-33684-3bb02989",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"233308060926403110506156505076798706173",
"54238498524312850006515375828289772134",
"106206185923640030783465551816232486181",
"226214945375596959798255311954700833643",
"81441358127524768978579215715808700437",
"276870434901186214210076268394780596026",
"310028929084957400185809330056001915103",
"259021247094550820805579516475971473206",
"32183445277219977728504339977780053214",
"207933417419992820419328207358637688775",
"281314854348226782420634185187658300737",
"216036382171585479031206010888761411894",
"132039010602423849832791459466599196181",
"97173416403392533312851118509825216886",
"164693877081251816875304388934857607863",
"167294464545518048845392529583898418097",
"229444914460369587654408788820805549246",
"10857647438935952956089641391418158558",
"267113516890850718206651878822844711916",
"45549329087375087451805731208810915788",
"18383778746734920990183084355074325984",
"169378246925575068623058973911179350682",
"247393264812008909067805984467929891100",
"73147249945029299712246104347285964974",
"76548581139623182541063414624682227604"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/MessageImpl.java",
"function": "getSchemaHash"
},
"id": "CVE-2022-33684-3f11defa",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "313819779944555373745984098106598201978",
"length": 112.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/StringSchemaTest.java",
"function": "testSchemaInfoWithCharset"
},
"id": "CVE-2022-33684-42d65d8a",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "174437369741615366848566639657410201131",
"length": 658.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-common/src/main/java/org/apache/pulsar/common/protocol/schema/SchemaHash.java",
"function": "of"
},
"id": "CVE-2022-33684-4af9b614",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "116115349111518063228880456678819155890",
"length": 285.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/DoubleSchema.java"
},
"id": "CVE-2022-33684-4eb697d0",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"201363055482624329141112235971872958856",
"13383620033929383068469158132264901216",
"85106268843646334785387897712834739320",
"333845028928371364413230132874015649195",
"154781549404708705101598336607964869650",
"181880369018801793716393542732541683746",
"118350599298049934523014208563931525214"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/ByteBufferSchema.java"
},
"id": "CVE-2022-33684-510dfd60",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"66680545020764664798897707077745689964",
"286614985413669995834595083963308185166",
"148843007737225992319970717761112763338",
"89682075701072985010369574930669892281",
"63779335472367594549425388749965178416",
"112354829756310038650969351858597745662",
"168261878107017784265010894612486268637"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-common/src/main/java/org/apache/pulsar/common/protocol/schema/SchemaHash.java"
},
"id": "CVE-2022-33684-55daee50",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"195375706127683888848450948037970303664",
"17117672817161810348734621269739317855",
"231309723865599866905306047984136164401",
"161553770192237310709361901468894021808",
"113238818608137189066882214058058031920",
"40165111051403970036898628650341271274",
"44676919061592925330942534465866650747",
"232535974321241317328057496800658925034",
"164976800130541603928953746522327210239",
"264726592062504120942691846972178737467",
"167660914945896900152709190887224295674",
"110221327299407034034494175758397587692",
"66518373391408985194157842002442442898",
"43516831086088421275901398038820688389",
"266761023412145593284159274402790030051",
"50313002727478787682288187443654759552",
"181679024339746157014075044848805946240",
"148576300982835742640811551755432216359",
"52865848820681740330292747048232953325",
"257772546415234472598332452199158876550",
"171904447082642215054627009288941173061",
"67253810001783690911442982900193803880",
"330370269798237421872305888098019190214",
"24054357040896643557460677093143456017"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/KeyValueSchemaInfoTest.java",
"function": "testKeyValueSchemaInfoBackwardCompatibility"
},
"id": "CVE-2022-33684-5793915e",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "41879656616164991200770634476472743152",
"length": 1141.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/StringSchema.java",
"function": "StringSchema"
},
"id": "CVE-2022-33684-587d833f",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "155089918150880745552197792543615814510",
"length": 334.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/ShortSchema.java"
},
"id": "CVE-2022-33684-641bc174",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"173921973252073399472490574782780468941",
"188629236832926527427245670858558067315",
"80994953969924009735157086318602702838",
"224327683799947795749586469163756910906",
"223392947902341791842963312428845318262",
"45609929462207740098455973188284382166",
"40171578298647580546691302351058781464"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-common/src/main/java/org/apache/pulsar/common/protocol/schema/SchemaHash.java",
"function": "of"
},
"id": "CVE-2022-33684-6fa1d6cd",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "310618214023064577444530199257174582373",
"length": 160.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/BytesSchema.java"
},
"id": "CVE-2022-33684-741cdf4a",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"3550368451158942957045959901243489996",
"40488387483116679756825964512712329401",
"126145691446793687921276450658812377608",
"226176899966617610274800155422421887711",
"175444196768895269370385764477122558129",
"327404440552033298276681095062327000969",
"15509785359213199679337520762881285361"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/TimestampSchema.java"
},
"id": "CVE-2022-33684-7f4a80b8",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"29311396335275836580929856262373154052",
"4561223666781330103480768978223944056",
"239016378221053078940674632031357236376",
"269702887558484044997066202965694029804",
"3041333082334551321277615298077230282",
"203967013998241243973304471319466362984",
"143084486555336494904577483700003804626"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/InstantSchema.java"
},
"id": "CVE-2022-33684-8fd389c7",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"338361885345763445709478690493309657990",
"324585654042017068978504798013901387405",
"324497059498587605308030230236359612304",
"92304713238920247309581469936003604092",
"40672287504663965195059196469124547213",
"32664629553111898619402857931896618471",
"24016568623777189819736974305756358813"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client-cpp/lib/auth/AuthOauth2.cc"
},
"id": "CVE-2022-33684-92d1ae86",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/8eae5b8d572861e49c40d456b1f3cbc5d414afe1",
"digest": {
"line_hashes": [
"138731027338807742257602544720899196755",
"74687474208210138331018143514760494178",
"127537404541661293760255813251277450694",
"269130058048547313450032167743061572422",
"160586998600921754464278051758511912165",
"138731027338807742257602544720899196755",
"74687474208210138331018143514760494178",
"307704974728367209802353624848416088758",
"101532560577043034689871438614523044420",
"109557709976533886429298576965339903191"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/LongSchema.java"
},
"id": "CVE-2022-33684-a7e58b7f",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"300646466695263024766569024276099672064",
"332855433915108934129011848773650524136",
"278920905453463693394932896476443542643",
"37956982409717231863070132443455801128",
"98436538966171292224398737315615845578",
"186313324894715005408598167632707686512",
"9989635197443107660359210263074937521"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/StringSchema.java"
},
"id": "CVE-2022-33684-b2004091",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"54386751179809298014036866544686552040",
"155798236399447765846522232726727390439",
"73945242960790460339404245070414884932",
"303913908719548070531111321549824325138",
"196442363588080939550117066918738294985",
"271295864538595238012801760650133741059",
"146995131704884991225931772841962259437",
"11765614865848539969968637757772411472",
"245715569461318128576773840242290939656",
"280361252316349606556250860925292992453",
"176248012701218503205100584826194191306",
"230674315526864500628793867478577170181",
"267832625422603189142028041731086520937",
"252010214965098933450856741225071633920",
"25579971442249193866207765972841019001"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/JSONSchema.java",
"function": "getBackwardsCompatibleJsonSchemaInfo"
},
"id": "CVE-2022-33684-b93ff254",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "233422735996039502679761649205440411299",
"length": 377.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-common/src/main/java/org/apache/pulsar/common/protocol/schema/SchemaHash.java",
"function": "of"
},
"id": "CVE-2022-33684-c4ee0329",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "253127030710633275585108919658404301118",
"length": 113.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/ByteBufSchema.java"
},
"id": "CVE-2022-33684-c739609f",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"2214001320001706742593548328735346671",
"93994818873642335796345882042841837507",
"102905945607352376896406212193571055663",
"110537433209919753669249123834306310784",
"88679948071732026791343512316955340281",
"60891684986799526212323251146550914655",
"211380895037350136293034086579544028686"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/BooleanSchema.java"
},
"id": "CVE-2022-33684-c9713fd8",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"286376402395346228425660414146513662593",
"201520332019518189713657082646049959638",
"198305003114763218071063617230708801167",
"98213733492334618258808170867373950852",
"45574613170533884841734430210498502384",
"139862616851057568901963208454687747882",
"209066395712149736724889277169089108407"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/StringSchemaTest.java",
"function": "testSchemaInfoWithoutCharset"
},
"id": "CVE-2022-33684-cb450855",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"function_hash": "289571536544094363805732126295682527736",
"length": 571.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/LocalDateTimeSchema.java"
},
"id": "CVE-2022-33684-d2328d58",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"311801590956738910426044384590485147843",
"15893985723702085436172855631676869315",
"181022124695410520012112002636109620554",
"139110559170590153475560324029840041118",
"294917011855115463126748243790625565997",
"130389256772894967574029395242928494485",
"58206813073819131856549758035182151988"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/test/java/org/apache/pulsar/client/impl/schema/KeyValueSchemaInfoTest.java"
},
"id": "CVE-2022-33684-d390dd4e",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"307555940891448568381444559365381466065",
"193438137339325054515654378359371745091",
"17076774025589795068763669857262956890",
"210350618997398849701971773191133193291",
"167264735982602582682935204607591034010",
"92251710512279851841865201188922475637",
"253555044445731315537783846990757163560",
"154322537707652574845240009075974617586"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/TimeSchema.java"
},
"id": "CVE-2022-33684-d91b6585",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"313609194580671396019735320756767094126",
"24041352642897339881792222969511003947",
"57094093102388034798866917704875634190",
"305770437207041507145025908420764684922",
"70485450554102777417385042498659625654",
"49436454077293381892912104156391104451",
"339853980130644035392414866258025394156"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client-cpp/lib/auth/AuthOauth2.cc",
"function": "ClientCredentialFlow::initialize"
},
"id": "CVE-2022-33684-df50935f",
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/8eae5b8d572861e49c40d456b1f3cbc5d414afe1",
"digest": {
"function_hash": "251125620373411933348266831728513899338",
"length": 1666.0
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/LocalTimeSchema.java"
},
"id": "CVE-2022-33684-e53231f0",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"284731129239960782296491607194396203931",
"260025633113664689957439581084461080674",
"102073473801019958763573167279359656465",
"166197474186238157100361150215111938321",
"122993692529319133333859883619966853865",
"239529634889085679792156655661134930773",
"211926365071568993196502428092826579235"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/MessageImpl.java"
},
"id": "CVE-2022-33684-e7720b3f",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"274004388663504078949970942858735283931",
"314883020568634604416842713477091597697",
"26521325820873070186888439330451043417",
"107968624234378705782691459118453590110"
],
"threshold": 0.9
},
"deprecated": false
},
{
"target": {
"file": "pulsar-client/src/main/java/org/apache/pulsar/client/impl/schema/JSONSchema.java"
},
"id": "CVE-2022-33684-e8850dd1",
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/apache/pulsar/commit/11b5df797b2e9cb48dfc38137f0b7ef736a8a47c",
"digest": {
"line_hashes": [
"309323082950500187681662576481401526322",
"53435082097265321736072033310910817663",
"239606112394399078693229675483968704172",
"328307857566290917374559631679446460886",
"273068119362974291505722253395240511566",
"310523767658556454213764167037018715484",
"187409829798384227400225184662847726543",
"68668681917118308340772636169261951838"
],
"threshold": 0.9
},
"deprecated": false
}
]