Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA

Improper Control of Generation of Code in Apache Kafka

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

Permalink: https://github.com/advisories/GHSA-gh27-38p5-mrxc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Identifiers: GHSA-gh27-38p5-mrxc, CVE-2018-1288
References: Blast Radius: 1.0

Affected Packages

maven:org.apache.kafka:kafka
Affected Version Ranges: = 1.0.0, >= 0.11.0.0, <= 0.11.0.2, >= 0.9.0.0, <= 0.10.2.1
Fixed in: 1.0.1, 0.11.0.3, 0.10.2.2