GHSA-gh27-38p5-mrxc

Suggest an improvement
Source
https://github.com/advisories/GHSA-gh27-38p5-mrxc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gh27-38p5-mrxc/GHSA-gh27-38p5-mrxc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gh27-38p5-mrxc
Aliases
Published
2022-05-13T01:02:18Z
Modified
2023-11-01T04:48:54.774855Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
Improper Control of Generation of Code in Apache Kafka
Details

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

References

Affected packages

Maven / org.apache.kafka:kafka

Package

Name
org.apache.kafka:kafka
View open source insights on deps.dev
Purl
pkg:maven/org.apache.kafka/kafka

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.9.0.0
Fixed
0.10.2.2

Database specific

{
    "last_known_affected_version_range": "<= 0.10.2.1"
}

Maven / org.apache.kafka:kafka

Package

Name
org.apache.kafka:kafka
View open source insights on deps.dev
Purl
pkg:maven/org.apache.kafka/kafka

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.11.0.0
Fixed
0.11.0.3

Database specific

{
    "last_known_affected_version_range": "<= 0.11.0.2"
}

Maven / org.apache.kafka:kafka

Package

Name
org.apache.kafka:kafka
View open source insights on deps.dev
Purl
pkg:maven/org.apache.kafka/kafka

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.1

Affected versions

1.*

1.0.0