Vulnerabilities > Apache > Pulsar > 2.11.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-02 | CVE-2024-29834 | Unspecified vulnerability in Apache Pulsar This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. | 6.4 |
| 2024-03-12 | CVE-2022-34321 | Unspecified vulnerability in Apache Pulsar Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. | 8.2 |
| 2024-03-12 | CVE-2024-27135 | Unspecified vulnerability in Apache Pulsar Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. | 9.9 |
| 2024-03-12 | CVE-2024-27317 | Unspecified vulnerability in Apache Pulsar In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. | 9.9 |
| 2024-03-12 | CVE-2024-27894 | Unspecified vulnerability in Apache Pulsar The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. | 8.8 |
| 2024-03-12 | CVE-2024-28098 | Unspecified vulnerability in Apache Pulsar The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. | 5.4 |
| 2024-02-07 | CVE-2023-51437 | Unspecified vulnerability in Apache Pulsar Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. | 7.4 |