org.apache.pulsar:pulsar
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.pulsar:pulsar (page 1 of 1)
- CVE-2021-22160 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.7.2 | 2021-05-26
vulnerable: 1.19.0-incubating ... 2.7.1 (27 versions)
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to…
- CVE-2021-41571 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.8.1 | 2022-02-01
vulnerable: 2.8.0
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a …
- CVE-2022-24280 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.9.2 | 2022-09-23
vulnerable: 2.9.0, 2.9.1
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is poss…
- CVE-2023-30429 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 2.11.1 | 2023-07-12
vulnerable: 2.11.0
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Pr…