You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Arushi Rai (Jira)" <ji...@apache.org> on 2023/05/17 15:19:00 UTC

[jira] [Created] (KAFKA-15002) Moderate vulnerability in org.bitbucket.b_c_jose4j

Arushi Rai created KAFKA-15002:
----------------------------------

             Summary: Moderate vulnerability in org.bitbucket.b_c_jose4j 
                 Key: KAFKA-15002
                 URL: https://issues.apache.org/jira/browse/KAFKA-15002
             Project: Kafka
          Issue Type: Task
    Affects Versions: 3.3.2, 3.4.0
            Reporter: Arushi Rai


Kafka is using package org.bitbucket.b_c_jose4j on version  0.7.9 where medium vulnerability is reported [GHSA-jgvc-jfgh-rjvv|https://github.com/advisories/GHSA-jgvc-jfgh-rjvv].

Fix is available in version 0.9.3 and Kafka should look to update to the fix version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)