Hi Udit,

If v3.0.0 is vulnerable to this CVE, then I believe v2.7.0 is also vulnerable, since the component used in v2.7.0 must be in the older version. Please upgrade to v3.1.1 or later.

Thank you.
Luke

On Thu, May 19, 2022 at 6:41 PM Seth, Udit <[email protected]> wrote:

> Greetings Concerned,
>
> Currently, our product is using Kafka 2.7.0 and as per the vulnerabilities
> reported by our security team we wish to confirm if CVE-2020-36518 impacts
> Kafka 2.7.0 or not?
> Because as per https://issues.apache.org/jira/browse/KAFKA-13775 , the
> affected versions are 3.1.0, 3.0.0, 3.0.1.
>
> Please confirm.
>
> Thanks and Regards
> Udit Seth
