
Apache Pulsar — Vulnerabilities & Security Advisories

All 16 CVE vulnerabilities found in Apache Pulsar, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-29834 | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints | CWE-863 | 6.4 | Medium | 2024-04-02 |
| CVE-2024-27894 | Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying | CWE-20 | 8.5 | High | 2024-03-12 |
| CVE-2024-27317 | Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification | CWE-22 | 8.4 | High | 2024-03-12 |
| CVE-2024-27135 | Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution | CWE-913 | 8.5 | High | 2024-03-12 |
| CVE-2022-34321 | Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint | CWE-306 | 8.2 | High | 2024-03-12 |
| CVE-2024-28098 | Apache Pulsar: Improper Authorization For Topic-Level Policy Management | CWE-863 | 6.4 | Medium | 2024-03-12 |
| CVE-2023-51437 | Apache Pulsar: Timing attack in SASL token signature verification | CWE-203 | 7.4 | High | 2024-02-07 |
| CVE-2023-30429 | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy | CWE-863 | 9.6 | Critical | 2023-07-12 |
| CVE-2023-31007 | Apache Pulsar: Broker does not always disconnect client when authentication data expires | CWE-287 | - | - | 2023-07-12 |
| CVE-2022-33684 | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation | CWE-295 | 8.1 | - | 2022-11-04 |
| CVE-2022-33683 | Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack | CWE-295 | 5.9 | - | 2022-09-23 |
| CVE-2022-33682 | Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack | CWE-295 | 5.9 | - | 2022-09-23 |
| CVE-2022-33681 | Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM | CWE-295 | 5.9 | - | 2022-09-23 |
| CVE-2022-24280 | Apache Pulsar Proxy target broker address isn't validated | CWE-20 | 7.5 | - | 2022-09-23 |
| CVE-2021-41571 | Pulsar Admin API allows access to data from other tenants using getMessageById API | CWE-863 | 6.5 | - | 2022-02-01 |
| CVE-2021-22160 | Authentication with JWT allows use of “none”-algorithm | | 9.8 | - | 2021-05-26 |
