GHSA-gh27-38p5-mrxc

Source

https://github.com/advisories/GHSA-gh27-38p5-mrxc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gh27-38p5-mrxc/GHSA-gh27-38p5-mrxc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gh27-38p5-mrxc

Aliases

CVE-2018-1288

Published

2022-05-13T01:02:18Z

Modified

2023-11-01T04:48:54.774855Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Improper Control of Generation of Code in Apache Kafka

Details

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

References

Affected packages

Maven / org.apache.kafka:kafka

Package

Name: org.apache.kafka:kafka; View open source insights on deps.dev
Purl: pkg:maven/org.apache.kafka/kafka

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.9.0.0

Fixed

0.10.2.2

Database specific

{
    "last_known_affected_version_range": "<= 0.10.2.1"
}

Maven / org.apache.kafka:kafka

Package

Name: org.apache.kafka:kafka; View open source insights on deps.dev
Purl: pkg:maven/org.apache.kafka/kafka

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.11.0.0

Fixed

0.11.0.3

Database specific

{
    "last_known_affected_version_range": "<= 0.11.0.2"
}

GHSA-gh27-38p5-mrxc

Affected packages

Maven / org.apache.kafka:kafka

Package

Affected ranges

Database specific

Maven / org.apache.kafka:kafka

Package

Affected ranges

Database specific

Maven / org.apache.kafka:kafka

Package

Affected ranges

Affected versions

1.*