CVE-2023-52251

Improper Control of Generation of Code ('Code Injection') in maven/com.provectus/kafka-ui-serde-api

Identifiers

CVE-2023-52251

Package Slug

maven/com.provectus/kafka-ui-serde-api

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.

Affected Versions

All versions starting from 0.4.0 up to 0.7.1

Solution

Upgrade to version 1.0.0 or above.

Last Modified

2024-02-01
