Product
Apache Pulsar
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-30677
>= 2.3.0 and < 3.0.11
Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Co

CVE-2024-29834
>= 2.7.1 and <= 2.10.6
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitione

CVE-2024-28098
>= 2.7.1 and < 2.10.6
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as rete

CVE-2024-27894
>= 2.4.0 and < 2.10.6
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implem

CVE-2024-27317
>= 2.4.0 and < 2.10.6
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are

CVE-2024-27135
>= 2.4.0 and < 2.10.6
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on th

CVE-2022-34321
>= 2.6.0 and < 2.10.6
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without au

CVE-2023-51437
<= 2.10.5
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Ro

CVE-2023-37544
< 2.10.5
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint wit

CVE-2023-37579
< 2.10.4
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Puls

CVE-2023-31007
< 2.9.5
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a br

CVE-2023-30429
< 2.10.4
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.

CVE-2023-30428
>= 2.9.0 and <= 2.9.5
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user

CVE-2022-33684
<= 2.6.4
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow

CVE-2022-33683
< 2.7.5
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tls

CVE-2022-33682
< 2.7.5
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar

CVE-2022-33681
< 2.7.5
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middl

CVE-2022-24280
<= 2.6.4
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts

CVE-2021-41571
>= 2.6.0 and < 2.6.4
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated

CVE-2021-22160
< 2.7.1
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is