GLouMcK opened a new issue #9347: URL: https://github.com/apache/pulsar/issues/9347
Black Duck, a product by Synopsys that scans for open source security threats, uncovered a few issues in the Docker image in repository apachepulsar/pulsar-all for tag 2.7.0. The vulnerabilities reported were:

CVE-2018-8088 - org.slf4j.ext.EventData in the slf4j-ext module allows remote attackers to bypass intended access restrictions via crafted data.

CVE-2019-17638 - In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error.

CVE-2017-1000487 - Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

If I can provide any further details please let me know. Thanks!

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
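A scanner finding like this can be cross-checked against the jar files actually present in the image. The following is an added example, not part of the original issue or of the Pulsar project: it flags jar filenames that fall inside the two version ranges quoted in the report. The filename pattern, the `jetty-*` artifact naming, the function name `flag_jars` and the sample listing are assumptions made for illustration.

```python
import re

# Ranges exactly as quoted in the issue text. slf4j-ext is left out because
# the issue gives no version bound for CVE-2018-8088.
# Fields: CVE, artifact-name regex (assumed naming), lowest affected version
# (None = no lower bound), upper bound, whether the upper bound is affected.
RULES = [
    ("CVE-2019-17638", r"jetty-[a-z0-9-]+", (9, 4, 27), (9, 4, 29), True),
    ("CVE-2017-1000487", r"plexus-utils", None, (3, 0, 16), False),
]

# Assumed Maven-style layout: <artifact>-<numeric version>[qualifier].jar
JAR_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+?)-(?P<ver>\d+(?:\.\d+)*)"
    r"(?P<qual>[.-][A-Za-z0-9.]+)?\.jar$"
)

def flag_jars(filenames):
    """Return sorted (filename, cve) pairs for jars inside a listed range."""
    hits = []
    for fn in filenames:
        m = JAR_RE.match(fn)
        if not m:
            continue  # not a versioned jar; nothing to compare
        # Compare on the numeric triple only; Jetty's date qualifier
        # (e.g. ".v20200227") is ignored.
        ver = tuple(int(p) for p in m["ver"].split("."))
        ver = (ver + (0, 0, 0))[:3]
        for cve, name_re, low, high, high_inclusive in RULES:
            if not re.fullmatch(name_re, m["name"]):
                continue
            if low is not None and ver < low:
                continue
            if ver < high or (high_inclusive and ver == high):
                hits.append((fn, cve))
    return sorted(hits)

# Constructed listing for illustration, not taken from the pulsar-all image.
SAMPLE = [
    "jetty-server-9.4.28.v20200408.jar",
    "jetty-util-9.4.35.v20201120.jar",
    "plexus-utils-3.0.15.jar",
    "plexus-utils-3.0.16.jar",
    "slf4j-ext-1.7.25.jar",
    "README.txt",
]

if __name__ == "__main__":
    for jar, cve in flag_jars(SAMPLE):
        print(f"{cve}: {jar}")
```

Filename matching misses libraries that are shaded or bundled inside another jar, so a clean result here does not clear the scanner finding on its own.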
