CVE-2023-52251
maven/com.provectus/kafka-ui-serde-api
Improper Control of Generation of Code ('Code Injection')
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
All versions starting from 0.4.0 up to 0.7.1
Upgrade to version 1.0.0 or above.
2024-02-01
source |