Vulnerabilities: 4 via 116 paths
Dependencies: 73
Source: GitHub
Commit: d9427b53


high severity

Out-of-bounds Read

  • Vulnerable module: org.lz4:lz4-java
  • Introduced through: org.apache.kafka:kafka-clients@3.9.1 and org.apache.kafka:kafka_2.13@3.9.1

Detailed paths

  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka-clients@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-tools-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-group-coordinator-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.1.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-group-coordinator-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.1.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.1.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.1.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
    Remediation: Upgrade to org.apache.kafka:kafka_2.13@4.2.0.

Overview

org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm.

Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted compressed input.

Workaround

  • Applications using LZ4Factory.nativeInstance() in conjunction with .fastDecompressor() can switch to .safeInstance() or .safeDecompressor().
  • Applications using LZ4Factory.unsafeInstance(), .fastestInstance() or .fastestJavaInstance() can switch to .safeInstance().

Notes

  • The official org.lz4:lz4-java library has not been patched and the project is discontinued.

  • org.lz4:lz4-java:1.8.1 relocates the package to at.yawk.lz4:lz4-java, which is a community-maintained fork of the library that fixes this vulnerability.

Remediation

Upgrade org.lz4:lz4-java to version 1.8.1 or higher.

high severity

Insertion of Sensitive Information Into Sent Data

  • Vulnerable module: org.lz4:lz4-java
  • Introduced through: org.apache.kafka:kafka-clients@3.9.1 and org.apache.kafka:kafka_2.13@3.9.1

Detailed paths

  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-tools-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-group-coordinator-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-group-coordinator-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-transaction-coordinator@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-metadata@3.9.1 org.apache.kafka:kafka-raft@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0
  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 org.apache.kafka:kafka_2.13@3.9.1 org.apache.kafka:kafka-server@3.9.1 org.apache.kafka:kafka-group-coordinator@3.9.1 org.apache.kafka:kafka-storage@3.9.1 org.apache.kafka:kafka-storage-api@3.9.1 org.apache.kafka:kafka-server-common@3.9.1 org.apache.kafka:kafka-clients@3.9.1 org.lz4:lz4-java@1.8.0

Overview

org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm.

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process: when a caller reuses an output buffer without clearing it, crafted compressed input can cause the decompressed output to carry whatever the buffer held before. An attacker who controls the compressed input can thereby read sensitive data left over from an earlier decompression into the same buffer.

Note:

  • JNI implementations are not vulnerable.
  • LZ4Factory.safeInstance(), LZ4Factory.unsafeInstance(), and LZ4Factory.fastestJavaInstance() are all vulnerable.
  • nativeInstance().fastDecompressor() is vulnerable but nativeInstance().safeDecompressor() is not.
  • This vulnerability is distinct from the one described in CVE-2025-12183, and was discovered during follow-up research.

Workaround

This vulnerability can be mitigated by zeroing the output buffer before passing it to the decompression function.
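The following Java snippet is an added example, not code from the lz4-java project or from interlok-kafka, showing the workaround applied to a pooled output buffer. It assumes org.lz4:lz4-java is on the class path and uses a deliberately short second input (not a crafted one) so the stale bytes are visible; the sample strings and buffer size are constructed for the demonstration. Because the note above lists every pure-Java decompressor as affected, the mitigation here is the zeroing step plus handing on only the bytes the decompressor reports as written, not the choice of decompressor.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

import net.jpountz.lz4.LZ4Compressor;
import net.jpountz.lz4.LZ4Factory;
import net.jpountz.lz4.LZ4SafeDecompressor;

public final class ClearedOutputBuffer {

    // Pure-Java instance; per the advisory it is among the affected decompressors.
    private static final LZ4Factory FACTORY = LZ4Factory.safeInstance();
    private static final LZ4Compressor COMPRESSOR = FACTORY.fastCompressor();
    private static final LZ4SafeDecompressor DECOMPRESSOR = FACTORY.safeDecompressor();

    /** Risky pattern: a pooled output buffer is reused as-is and the whole buffer is handed on. */
    static byte[] decompressDirty(byte[] compressed, byte[] pooled) {
        DECOMPRESSOR.decompress(compressed, 0, compressed.length, pooled, 0, pooled.length);
        return pooled; // bytes past the real output are whatever the previous call left there
    }

    /** Mitigated pattern: zero the buffer first, then expose only the bytes actually written. */
    static byte[] decompressCleared(byte[] compressed, byte[] pooled) {
        Arrays.fill(pooled, (byte) 0); // the workaround from the advisory
        int written = DECOMPRESSOR.decompress(compressed, 0, compressed.length, pooled, 0, pooled.length);
        return Arrays.copyOf(pooled, written); // never hand out the slack after the output
    }

    /** Helper for the demo: compress a UTF-8 string with the same factory. */
    static byte[] compress(String text) {
        byte[] src = text.getBytes(StandardCharsets.UTF_8);
        byte[] dst = new byte[COMPRESSOR.maxCompressedLength(src.length)];
        int n = COMPRESSOR.compress(src, 0, src.length, dst, 0, dst.length);
        return Arrays.copyOf(dst, n);
    }

    public static void main(String[] args) {
        byte[] pooled = new byte[64]; // constructed: one reused output buffer, as a pool would hand out
        byte[] first = compress("session-token=deadbeefcafef00d"); // constructed sample payload
        byte[] second = compress("ok");                             // constructed, much shorter

        // Request 1 leaves the secret in the pooled buffer.
        decompressDirty(first, pooled);

        // Request 2 on the same buffer without clearing: "ok" overwrites only the first two bytes.
        String dirty = new String(decompressDirty(second, pooled), StandardCharsets.UTF_8);
        System.out.println("dirty output leaks previous payload: " + dirty.contains("deadbeefcafef00d"));

        // Same request with the workaround: buffer zeroed, and only the 2 written bytes returned.
        byte[] cleared = decompressCleared(second, pooled);
        System.out.println("cleared output length: " + cleared.length
                + ", content: " + new String(cleared, StandardCharsets.UTF_8));
    }
}
```

Zeroing costs a memset per call; if that matters on a hot path, the cheaper alternative that still removes the stale data from what leaves the process is to allocate a fresh output buffer per message, or to size the buffer to the expected decompressed length and treat any shortfall reported by the decompressor as an error rather than returning the buffer.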

Remediation

There is no fixed version for org.lz4:lz4-java.


medium severity

External Initialization of Trusted Variables or Data Stores

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.5.16

Detailed paths

  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 ch.qos.logback:logback-classic@1.5.16 ch.qos.logback:logback-core@1.5.16
    Remediation: Upgrade to ch.qos.logback:logback-classic@1.5.19.

Overview

ch.qos.logback:logback-core is the core module of the Logback logging framework, on which logback-classic depends.

Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and the Spring Framework are present on the class path. An attacker who can modify an existing configuration file, or set a malicious environment variable before the program starts, can execute arbitrary code; without one of those two footholds the issue is not exploitable.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.3.16, 1.5.19 or higher.


medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: ch.qos.logback:logback-classic@1.5.16

Detailed paths

  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 ch.qos.logback:logback-classic@1.5.16

Dual license: EPL-1.0, LGPL-2.1

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.5.16

Detailed paths

  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 ch.qos.logback:logback-classic@1.5.16 ch.qos.logback:logback-core@1.5.16

Dual license: EPL-1.0, LGPL-2.1

low severity
new

External Initialization of Trusted Variables or Data Stores

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.5.16

Detailed paths

  • Introduced through: adaptris/interlok-kafka@adaptris/interlok-kafka#d9427b53c2b543d78c85ffab2d6e67d4db20bef0 ch.qos.logback:logback-classic@1.5.16 ch.qos.logback:logback-core@1.5.16
    Remediation: Upgrade to ch.qos.logback:logback-classic@1.5.25.

Overview

ch.qos.logback:logback-core is the core module of the Logback logging framework, on which logback-classic depends.

Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during configuration file processing. An attacker who can modify an existing configuration file can cause logback to instantiate arbitrary classes that are already present on the class path.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.5.25 or higher.
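Both logback-core findings on this page are fixed by upgrading, and the place to do that is the build's dependency declaration. The Java snippet below is an added example, not code from logback or from interlok-kafka: a startup guard that reads the version Maven records inside the logback-core jar and refuses anything older than the later of the two fixed releases, so a transitive downgrade is caught at runtime rather than after a scan. It assumes the jar carries META-INF/maven/ch.qos.logback/logback-core/pom.properties (standard for Maven-built artifacts) and, as a deliberate simplification, accepts only the 1.5.x fix line; the 1.3.16 fix named for the first finding is not treated as sufficient because the page lists no 1.3.x fix for the second.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

public final class LogbackVersionGuard {

    /** Lowest logback-core release that covers both findings on this page (assumption: 1.5.x line only). */
    static final String MINIMUM = "1.5.25";

    /** Resource Maven writes into the jar; assumption: present in the shipped logback-core artifact. */
    private static final String POM_PROPERTIES =
            "META-INF/maven/ch.qos.logback/logback-core/pom.properties";

    /** Version of the logback-core jar on the class path, or null if none is found. */
    static String installedLogbackCoreVersion() throws IOException {
        ClassLoader cl = LogbackVersionGuard.class.getClassLoader();
        try (InputStream in = cl.getResourceAsStream(POM_PROPERTIES)) {
            if (in == null) {
                return null;
            }
            Properties p = new Properties();
            p.load(in);
            return p.getProperty("version");
        }
    }

    /** Dotted numeric compare; qualifiers such as "-SNAPSHOT" are ignored. Negative means a < b. */
    static int compareVersions(String a, String b) {
        String[] x = a.split("[-+]")[0].split("\\.");
        String[] y = b.split("[-+]")[0].split("\\.");
        int n = Math.max(x.length, y.length);
        for (int i = 0; i < n; i++) {
            int xi = i < x.length ? Integer.parseInt(x[i]) : 0;
            int yi = i < y.length ? Integer.parseInt(y[i]) : 0;
            if (xi != yi) {
                return Integer.compare(xi, yi);
            }
        }
        return 0;
    }

    /** True only when a logback-core jar is present and at or above MINIMUM. */
    static boolean isFixed(String installed) {
        return installed != null && compareVersions(installed, MINIMUM) >= 0;
    }

    public static void main(String[] args) throws IOException {
        String installed = installedLogbackCoreVersion();
        if (installed == null) {
            System.out.println("logback-core: not found on the class path");
            return;
        }
        if (isFixed(installed)) {
            System.out.println("logback-core " + installed + ": at or above " + MINIMUM);
        } else {
            // Fail closed: a logging library that can instantiate classes from its config is not optional risk.
            throw new IllegalStateException("logback-core " + installed + " is below " + MINIMUM + "; upgrade");
        }
    }
}
```

Run it once at service start, before any configuration file is parsed. It complements rather than replaces the build-time fix: the dependency constraint in the build file is what actually moves the version, and the guard only makes sure nothing on the deployed class path silently undoes it.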
