Known Vulnerabilities for Kafka by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Kafka" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-38153 | Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that... | 5.9 - MEDIUM | 2021-09-22 | 2023-11-07 |
| CVE-2021-26291 | Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising... | 9.1 - CRITICAL | 2021-04-23 | 2023-11-07 |
| CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-09 | 2023-11-07 |
| CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if ... | 4.8 - MEDIUM | 2020-11-28 | 2023-11-07 |
| CVE-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences ... | 5.9 - MEDIUM | 2021-01-04 | 2023-11-09 |
| CVE-2019-12399 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more confi... | 7.5 - HIGH | 2020-01-14 | 2023-11-07 |
| CVE-2018-17196 | In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transa... | 8.8 - HIGH | 2019-07-11 | 2023-11-07 |
| CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perf... | 5.4 - MEDIUM | 2018-07-26 | 2023-11-07 |
| CVE-2017-15288 | The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for priv... | 7.8 - HIGH | 2017-11-15 | 2023-11-07 |
| CVE-2017-12610 | In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manual... | 6.8 - MEDIUM | 2018-07-26 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Kafka | 2.7.0 | All | All | All |
| Application | Apache | Kafka | 2.3.1 | All | All | All |
| Application | Apache | Kafka | 2.3.0 | All | All | All |
| Application | Apache | Kafka | 2.2.2 | All | All | All |
| Application | Apache | Kafka | 2.2.1 | All | All | All |
| Application | Apache | Kafka | 2.2.0 | All | All | All |
| Application | Apache | Kafka | 2.1.2 | All | All | All |
| Application | Apache | Kafka | 2.1.1 | All | All | All |
| Application | Apache | Kafka | 2.1.0 | All | All | All |
| Application | Apache | Kafka | 2.0.2 | All | All | All |
| Application | Apache | Kafka | 2.0.1 | All | All | All |
| Application | Apache | Kafka | 2.0.0 | All | All | All |
| Application | Apache | Kafka | 1.1.1 | All | All | All |
| Application | Apache | Kafka | 1.1.0 | All | All | All |
| Application | Apache | Kafka | 1.0.2 | All | All | All |
| Application | Apache | Kafka | 1.0.1 | All | All | All |
| Application | Apache | Kafka | 1.0.0 | All | All | All |
| Application | Apache | Kafka | 0.9.0.1 | All | All | All |
| Application | Apache | Kafka | 0.9.0.0 | All | All | All |
| Application | Apache | Kafka | 0.8.2.2 | All | All | All |