CVE-2021-38153: Information Exposure Through Discrepancy
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
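The discrepancy described above, as an added example that is not Apache Kafka code and not part of the original advisory: a counting model of an early-exit comparison shows that the work done tracks the length of the matching prefix, beside a check using the JDK's constant-time MessageDigest.isEqual. The class name, method names and sample key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class ConstantTimeCompareExample {

    // Model of an early-exit comparison (the data-dependent behaviour that makes
    // Arrays.equals timing-sensitive): returns how many bytes were examined.
    static int bytesExaminedEarlyExit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return 0;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) return i + 1; // stops at first mismatch
        }
        return expected.length;
    }

    // Weak check: the work done depends on the length of the matching prefix.
    static boolean weakCheck(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened check: MessageDigest.isEqual processes every byte regardless of
    // where the first mismatch occurs, so the result is the only signal returned.
    static boolean hardenedCheck(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        byte[] stored = "s3cr3t-sample-key".getBytes(StandardCharsets.UTF_8);
        String[] guesses = {
            "x3cr3t-sample-key",   // mismatch at first byte
            "s3cr3t-sampXe-key",   // mismatch after a long matching prefix
            "s3cr3t-sample-key"    // full match
        };
        for (String g : guesses) {
            byte[] supplied = g.getBytes(StandardCharsets.UTF_8);
            System.out.printf("%-18s early-exit examined %2d/%d bytes, weak=%b hardened=%b%n",
                    g, bytesExaminedEarlyExit(stored, supplied), stored.length,
                    weakCheck(stored, supplied), hardenedCheck(stored, supplied));
        }
    }
}
```

Both checks return the same boolean for every input; the difference is only in how much work precedes the answer, which is why the weak form can pass functional tests unnoticed.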