Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zlib library security vulnerability through to version 1.3 #4653

Open
7 tasks done
MiikaL opened this issue Mar 19, 2024 · 1 comment
Open
7 tasks done

zlib library security vulnerability through to version 1.3 #4653

MiikaL opened this issue Mar 19, 2024 · 1 comment

Comments

@MiikaL
Copy link

MiikaL commented Mar 19, 2024

Description

We use the Confluent.Kafka nuget which makes use of librdkafka, and we are receiving a security warning about the version of zlib in use:

One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0':
zlib1.dll: CVE-2023-45853(9.8), CVE-2002-0059(9.8), CVE-2022-37434(9.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Checklist

IMPORTANT: We will close issues where the checklist has not been completed.

Please provide the following information:

  • librdkafka version (release number or git tag): 2.3.1
  • Apache Kafka version: N/A
  • librdkafka client configuration: N/A
  • Operating system: windows
  • Provide logs (with debug=.. as necessary) from librdkafka
  • Provide broker log excerpts
  • Critical issue
@mikajylha mikajylha mentioned this issue Apr 12, 2024
Open
6 tasks
Closed
@janjwerner-confluent
Copy link
Member

Thank you for the report. We are in the process of resolving this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MiikaL @janjwerner-confluent