Vulnerabilities > Apache > Kafka > 2.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 5.9 |
2019-07-11 | CVE-2018-17196 | Unspecified vulnerability in Apache Kafka In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. | 8.8 |