CVE-2026-41731
- EPSS 0.49%
- Veröffentlicht 09.06.2026 23:49:26
- Zuletzt bearbeitet 30.06.2026 03:19:29
JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean de...
CVE-2026-41727
- EPSS 0.24%
- Veröffentlicht 09.06.2026 23:49:10
- Zuletzt bearbeitet 27.06.2026 22:16:47
Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause t...
CVE-2023-34040
- EPSS 2.16%
- Veröffentlicht 24.08.2023 13:15:07
- Zuletzt bearbeitet 21.11.2024 08:06:27
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of...