### Critical Vulnerability Information #### Vulnerability Overview - A security scan of Pulsar v2.3.1 using the Black Duck tool revealed multiple security vulnerabilities in its dependency libraries. #### Affected Dependencies and CVE List - **Apache Commons Compress - 1.15** - CVE-2018-11771 - CVE-2018-1324 - **Apache Maven 2 - 3.0.4** - CVE-2013-0253 - CVE-2016-4469 - CVE-2016-5005 - CVE-2017-5657 - **AsyncHttpClient - 1.6.5** - CVE-2013-7397 - CVE-2013-7398 - **Guava: Google Core Libraries for Java - 21.0 and 24.1-jre** - CVE-2018-10237 - **Jackson-databind - 2.8.11.3** - CVE-2018-1000873 - CVE-2018-14719 - CVE-2018-14720 - CVE-2018-14721 - CVE-2018-19360 - CVE-2018-19361 - CVE-2018-19362 - **Jetty - 9.4.11.v20180605** - CVE-2017-9735 - CVE-2018-12545 - **jQuery - 2.2.3** - CVE-2011-4969 - **jQuery UI - 1.11.4** - CVE-2016-7103 - **Netty Project - 3.10.1.Final and 3.6.2.Final** - CVE-2015-2156 - CVE-2015-2156 - CVE-2014-0193 #### Mitigation Strategy - Consider upgrading to the latest versions of each dependency library to address the above vulnerabilities, but further validation is required to assess the impact on the existing system.