[Bug] Infinispan Client Hotrod has a vulnerability CVE-2023-4586 #22626

Closed
2 of 3 tasks
nikhil-ctds opened this issue May 1, 2024 · 0 comments · Fixed by #22641 · May be fixed by #23078 or cognitree/pulsar#14
Labels
type/bug The PR fixed a bug or issue reported a bug

Comments

@nikhil-ctds

Search before asking

  • I searched in the issues and found nothing similar.

Read release policy

  • I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker.

Version

Version - 3.3.0-SNAPSHOT
Branch - master

Minimal reproduce step

Found vulnerability online.

What did you expect to see?

No vulnerabilities

What did you see instead?

Found a High Vulnerability on org.infinispan:infinispan-client-hotrod version 12.1.6.Final
CVE-2023-4586

Anything else?

Pulsar doesn't have a direct dependency on Infinispan-client-hotrod.
Pulsar has a dependency on the debezium-oracle connector:

<groupId>io.debezium</groupId>
<artifactId>debezium-connector-oracle</artifactId>
<version>1.9.7.Final</version>

Which in turn has a dependency on infinispan-client-hotrod@12.1.6.Final:

<groupId>org.infinispan</groupId>
<artifactId>infinispan-client-hotrod</artifactId>
<version>12.1.6.Final</version>

Are you willing to submit a PR?

  • I'm willing to submit a PR!
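A check for confirming the transitive path the report describes (added example, not Pulsar or Debezium project code): it parses `mvn dependency:tree` output and returns every root-to-artifact path that reaches infinispan-client-hotrod. The tree text below is a constructed sample shaped like the chain above, not output from a real Pulsar build.

```python
"""Locate an artifact in `mvn dependency:tree` output and report the chain of
parents that pulls it in (e.g. debezium-connector-oracle -> infinispan-client-hotrod).
Added example; not Pulsar project code."""
import re

# Constructed sample of `mvn dependency:tree` output (not a real Pulsar build),
# shaped like the transitive path described in the issue.
SAMPLE_TREE = """\
[INFO] org.apache.pulsar:pulsar-io-debezium-oracle:jar:3.3.0-SNAPSHOT
[INFO] +- io.debezium:debezium-connector-oracle:jar:1.9.7.Final:compile
[INFO] |  +- io.debezium:debezium-core:jar:1.9.7.Final:compile
[INFO] |  \\- org.infinispan:infinispan-client-hotrod:jar:12.1.6.Final:compile
[INFO] |     \\- org.infinispan:infinispan-commons:jar:12.1.6.Final:compile
[INFO] \\- org.apache.pulsar:pulsar-io-core:jar:3.3.0-SNAPSHOT:compile
"""

# Maven prints each node as "[INFO] " + 3-char tree glyphs ("+- ", "\- ", "|  ", "   ")
# followed by groupId:artifactId:type[:classifier]:version[:scope].
_LINE = re.compile(r"^\[INFO\]\s?(?P<prefix>(?:[|+\\ -]{3})*)(?P<gav>\S+)")


def parse_tree(text):
    """Return a list of (depth, groupId, artifactId, version) tuples."""
    nodes = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        depth = len(m.group("prefix")) // 3      # one glyph group per level
        parts = m.group("gav").split(":")
        # version is the second-to-last field when a scope is present, else the last
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        nodes.append((depth, parts[0], parts[1], version))
    return nodes


def find_paths(text, group_id, artifact_id):
    """Return every root-to-artifact path (list of "g:a:v" strings) for the given GA."""
    paths, stack = [], []
    for depth, g, a, v in parse_tree(text):
        del stack[depth:]                        # pop back to this node's parent level
        stack.append(f"{g}:{a}:{v}")
        if g == group_id and a == artifact_id:
            paths.append(list(stack))
    return paths


if __name__ == "__main__":
    for path in find_paths(SAMPLE_TREE, "org.infinispan", "infinispan-client-hotrod"):
        print(" -> ".join(path))
```

Run it against real output (`mvn dependency:tree > tree.txt`) to see which module and which parent introduce the flagged version, which is what a `dependencyManagement` override or exclusion needs to target.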