We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Two CVE's with cvss score of 9.8 identified in this library, please help update.
curl 7.86.0 GHSA-75qm-2q4j-qx6g https://github.com/confluentinc/librdkafka/blob/master/mklove/modules/configure.libcurl#L48
zlib 1.2.13 GHSA-mq29-j5xf-cjwr https://github.com/confluentinc/librdkafka/blob/master/mklove/modules/configure.zlib#L45
Review source code and links provided. Use any SBOM vulnerability scanner to validate that the libraries are being linked into build.
Initially I discovered this in confluent-kafka-go, however, I believe the vulnerability is coming from the C base library librdkafka
v2.3.0
N/A
linux (any base distro)
The text was updated successfully, but these errors were encountered:
Related issue #4653
Sorry, something went wrong.
Another related issue in dotnet lib
Thank you for the report. We are in the process of resolving this issue.
No branches or pull requests
Description
Two CVE's with cvss score of 9.8 identified in this library, please help update.
curl 7.86.0
GHSA-75qm-2q4j-qx6g
https://github.com/confluentinc/librdkafka/blob/master/mklove/modules/configure.libcurl#L48
zlib 1.2.13
GHSA-mq29-j5xf-cjwr
https://github.com/confluentinc/librdkafka/blob/master/mklove/modules/configure.zlib#L45
How to reproduce
Review source code and links provided. Use any SBOM vulnerability scanner to validate that the libraries are being linked into build.
Initially I discovered this in confluent-kafka-go, however, I believe the vulnerability is coming from the C base library librdkafka
Checklist
v2.3.0
N/A
linux (any base distro)
The text was updated successfully, but these errors were encountered: