VMware

Spring For Apache Kafka

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.49%
  • Veröffentlicht 09.06.2026 23:49:26
  • Zuletzt bearbeitet 30.06.2026 03:19:29

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean de...

  • EPSS 0.24%
  • Veröffentlicht 09.06.2026 23:49:10
  • Zuletzt bearbeitet 27.06.2026 22:16:47

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause t...

  • EPSS 2.16%
  • Veröffentlicht 24.08.2023 13:15:07
  • Zuletzt bearbeitet 21.11.2024 08:06:27

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of...