apache-pulsar.advisories.yaml
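# Advisory log for the apache-pulsar package.
# Each entry pairs an advisory id with its CVE/GHSA aliases and a list of
# events in timestamp order; the most recent event is the advisory's current
# state. Nesting is restored here: in the flattened text `name` sat at top
# level and each detection repeated `type`/`data` as sibling duplicate keys.
schema-version: 2.0.2

package:
  name: apache-pulsar

advisories:
  # async-http-client 2.12.1 jar flagged by grype; closed as fixed in 4.0.1-r1.
  - id: CGA-3mr5-vjhc-vp3x
    aliases:
      - CVE-2024-53990
      - GHSA-mfj5-cf8g-g2fv
    events:
      - timestamp: 2024-12-17T21:08:26Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: apache-pulsar
            componentID: d9d962ed5f911dfc
            componentName: async-http-client
            componentVersion: 2.12.1
            componentType: java-archive
            componentLocation: /usr/share/java/pulsar/lib/org.asynchttpclient-async-http-client-2.12.1.jar
            scanner: grype
      - timestamp: 2024-12-18T00:08:34Z
        type: fixed
        data:
          fixed-version: 4.0.1-r1

  # netty-handler 4.1.116.Final jar flagged by grype; closed as fixed in
  # 4.0.3-r0.
  - id: CGA-g9f5-gvgx-jg3v
    aliases:
      - CVE-2025-24970
      - GHSA-4g8c-wm8x-jfhw
    events:
      - timestamp: 2025-02-11T08:09:48Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: apache-pulsar
            componentID: 55bb0b158cf44b87
            componentName: netty-handler
            componentVersion: 4.1.116.Final
            componentType: java-archive
            componentLocation: /usr/share/java/pulsar/lib/io.netty-netty-handler-4.1.116.Final.jar
            scanner: grype
      - timestamp: 2025-02-27T13:37:25Z
        type: fixed
        data:
          fixed-version: 4.0.3-r0

  # netty-common 4.1.116.Final jar flagged by grype; triaged as a false
  # positive. No fixed-version is recorded, so the affected jar is still
  # shipped and the determination rests entirely on the platform note below.
  - id: CGA-mxg5-5rwg-w4hr
    aliases:
      - CVE-2025-25193
      - GHSA-389x-839f-4rhx
    events:
      - timestamp: 2025-02-11T08:09:46Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: apache-pulsar
            componentID: 751d34364b77c301
            componentName: netty-common
            componentVersion: 4.1.116.Final
            componentType: java-archive
            componentLocation: /usr/share/java/pulsar/lib/io.netty-netty-common-4.1.116.Final.jar
            scanner: grype
      - timestamp: 2025-02-13T19:41:38Z
        type: false-positive-determination
        data:
          type: vulnerable-code-cannot-be-controlled-by-adversary
          note: Vulnerability affects only Windows systems.

  # jetty-http 9.4.56.v20240826 jar flagged by grype.
  # NOTE(review): the same componentID and componentVersion are re-detected
  # after each `fixed` event, and the last event in this log is a detection,
  # so read this advisory as still open. Confirm that 4.0.3-r0 actually ships
  # a remediated jetty-http before relying on the `fixed` entries.
  - id: CGA-w8m5-m487-94w6
    aliases:
      - CVE-2024-6763
      - GHSA-qh8g-58pp-2wxh
    events:
      - timestamp: 2024-12-17T21:08:27Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: apache-pulsar
            componentID: 71c4c3b48deaff20
            componentName: jetty-http
            componentVersion: 9.4.56.v20240826
            componentType: java-archive
            componentLocation: /usr/share/java/pulsar/lib/org.eclipse.jetty-jetty-http-9.4.56.v20240826.jar
            scanner: grype
      - timestamp: 2024-12-18T14:41:16Z
        type: pending-upstream-fix
        data:
          note: The fix version of jetty-http is >=12.0.12, requiring a large refactor; there is an issue tracking the effort https://github.com/apache/pulsar/issues/22939
      - timestamp: 2025-01-13T21:22:02Z
        type: pending-upstream-fix
        data:
          note: Attempting to patch this CVE leads to build failures, and will require an update from upstream maintainers to remediate.
      - timestamp: 2025-03-19T08:27:21Z
        type: fixed
        data:
          fixed-version: 4.0.3-r0
      # Re-detection of the same jar two days after the first `fixed` event.
      - timestamp: 2025-03-21T07:08:36Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: apache-pulsar
            componentID: 71c4c3b48deaff20
            componentName: jetty-http
            componentVersion: 9.4.56.v20240826
            componentType: java-archive
            componentLocation: /usr/share/java/pulsar/lib/org.eclipse.jetty-jetty-http-9.4.56.v20240826.jar
            scanner: grype
      - timestamp: 2025-03-21T08:07:35Z
        type: fixed
        data:
          fixed-version: 4.0.3-r0
      # Second re-detection; this is the latest event recorded here.
      - timestamp: 2025-03-24T10:44:10Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: apache-pulsar
            componentID: 71c4c3b48deaff20
            componentName: jetty-http
            componentVersion: 9.4.56.v20240826
            componentType: java-archive
            componentLocation: /usr/share/java/pulsar/lib/org.eclipse.jetty-jetty-http-9.4.56.v20240826.jar
            scanner: grype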