Known Vulnerabilities for Zookeeper by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Zookeeper" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to... | 5.3 - MEDIUM | 2021-07-15 | 2023-11-07 |
| CVE-2021-29425 | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../f... | 4.8 - MEDIUM | 2021-04-13 | 2023-11-07 |
| CVE-2021-28169 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly en... | 5.3 - MEDIUM | 2021-06-09 | 2023-11-07 |
| CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receivi... | 7.5 - HIGH | 2021-04-01 | 2023-11-07 |
| CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e... | 5.3 - MEDIUM | 2021-04-01 | 2023-11-07 |
| CVE-2021-21409 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-30 | 2023-11-07 |
| CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-09 | 2023-11-07 |
| CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsa... | 7.5 - HIGH | 2020-04-28 | 2023-11-07 |
| CVE-2019-0201 | An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn�... | 5.9 - MEDIUM | 2019-05-23 | 2023-11-07 |
| CVE-2018-8012 | No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.... | 7.5 - HIGH | 2018-05-21 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Zookeeper | 3.6.2-1 | All | All | All |
| Application | Apache | Zookeeper | 3.6.2-0 | All | All | All |
| Application | Apache | Zookeeper | 3.6.2 | All | All | All |
| Application | Apache | Zookeeper | 3.6.1-1 | All | All | All |
| Application | Apache | Zookeeper | 3.6.1-0 | All | All | All |
| Application | Apache | Zookeeper | 3.6.1 | All | All | All |
| Application | Apache | Zookeeper | 3.6.0-4 | All | All | All |
| Application | Apache | Zookeeper | 3.6.0-3 | All | All | All |
| Application | Apache | Zookeeper | 3.6.0-2 | All | All | All |
| Application | Apache | Zookeeper | 3.6.0-1 | All | All | All |
| Application | Apache | Zookeeper | 3.6.0-0 | All | All | All |
| Application | Apache | Zookeeper | 3.6.0 | All | All | All |
| Application | Apache | Zookeeper | 3.5.8 | - | All | All |
| Application | Apache | Zookeeper | 3.5.8 | rc0 | All | All |
| Application | Apache | Zookeeper | 3.5.7 | - | All | All |
| Application | Apache | Zookeeper | 3.5.7 | rc0 | All | All |
| Application | Apache | Zookeeper | 3.5.7 | rc1 | All | All |
| Application | Apache | Zookeeper | 3.5.7 | rc2 | All | All |
| Application | Apache | Zookeeper | 3.5.6 | - | All | All |
| Application | Apache | Zookeeper | 3.5.6 | rc0 | All | All |