Apache Software Foundation Kafka 2.4.0

CPE Details

Apache Software Foundation Kafka 2.4.0
apache
kafka
2.4.0
2021-12-07
14h57 +00:00
2021-12-07
19h47 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:kafka:2.4.0:-:*:*:*:*:*:*

Informations

Vendor

apache

Product

kafka

Version

2.4.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-38153 2021-09-22 07h05 +00:00 Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
5.9
Moyen