CVE-2021-38153

Information Exposure Through Discrepancy in maven/org.apache.kafka/kafka

Identifier

CVE-2021-38153

Package Slug

maven/org.apache.kafka/kafka

Vulnerability

Information Exposure Through Discrepancy

Description

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
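The comparison behaviour described above, shown as an added example; this is not Kafka's code or its patch. The class name, method names and sample key are hypothetical, and using the JDK's MessageDigest.isEqual as the constant-time comparison is a choice made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class CredentialCompareDemo {
    // Models an early-exit comparison and returns how many bytes it examined.
    // The count stands in for run time: it grows with the matching prefix,
    // which is the discrepancy a timing attack measures.
    static int bytesExaminedEarlyExit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return 0;
        int examined = 0;
        for (int i = 0; i < expected.length; i++) {
            examined++;
            if (expected[i] != supplied[i]) break;
        }
        return examined;
    }

    // Weak check: Arrays.equals makes no constant-time guarantee.
    static boolean checkWeak(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened check: MessageDigest.isEqual examines every byte of the
    // supplied value regardless of where the first difference is.
    static boolean checkHardened(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    // Builds a guess that matches the first n bytes of the key and then differs.
    static byte[] guessWithPrefix(byte[] key, int n) {
        byte[] guess = Arrays.copyOf(key, key.length);
        Arrays.fill(guess, n, guess.length, (byte) 'x');
        return guess;
    }

    public static void main(String[] args) {
        // Constructed sample credential (contains no 'x'), not a real key.
        byte[] stored = "s3cr3t-sample-key".getBytes(StandardCharsets.UTF_8);
        for (int n : new int[] {0, 3, 10, stored.length}) {
            byte[] guess = guessWithPrefix(stored, n);
            System.out.printf("matching prefix=%2d examined=%2d weak=%b hardened=%b%n",
                    n, bytesExaminedEarlyExit(stored, guess),
                    checkWeak(stored, guess), checkHardened(stored, guess));
        }
    }
}
```

Both checks return the same boolean for every guess; only the amount of work done before returning differs, which is why the issue does not show up in functional tests.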

Affected Versions

All versions starting from 2.0.0 before 2.8.1

Solution

Upgrade to version 2.8.1 or above.

Last Modified

2021-10-01
