[ https://issues.apache.org/jira/browse/KAFKA-14696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17687087#comment-17687087 ]
Manikumar edited comment on KAFKA-14696 at 2/10/23 1:58 PM: ------------------------------------------------------------ Yes, you can fix cherry picking the commit ae22ec1a0ea005664439c3f45111aa34390ecaa1 2.8 branch. was (Author: omkreddy): Yes, you ca fix cherry picking the commit ae22ec1a0ea005664439c3f45111aa34390ecaa1 2.8 branch. > CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL > JAAS JndiLoginModule configuration using Kafka Connect > ----------------------------------------------------------------------------------------------------------------------------------- > > Key: KAFKA-14696 > URL: https://issues.apache.org/jira/browse/KAFKA-14696 > Project: Kafka > Issue Type: Bug > Components: KafkaConnect > Affects Versions: 2.8.1, 2.8.2 > Reporter: MillieZhang > Priority: Major > Fix For: 3.4.0 > > > CVE Reference: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34917] > > Will Kafka 2.8.X provide a patch to fix this vulnerability? > If yes, when will the patch be provided? > > Thanks -- This message was sent by Atlassian Jira (v8.20.10#820010)