org.apache.pulsar:pulsar-proxy

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.pulsar:pulsar-proxypage 1 of 1

CVE-2022-33682MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.10.1
2022-09-23
vulnerable: 2.10.0
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-…
CVE-2022-33683MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.10.1
2022-09-23
vulnerable: 2.10.0
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replic…
CVE-2022-34321HIGHCVSS 8.2EG 8.2✓ Fixed in 3.1.1
2024-03-12
vulnerable: 3.1.0
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capa…

Check whether org.apache.pulsar:pulsar-proxy is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.pulsar:pulsar-proxy CVEs against the assets you own.

Start Free Scan →