Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 3.2.3
- None
- None
Description
The Kafka repository was scanned with Mend's (formerly WhiteSource) SCA (software composition analysis) tool for 3rd party dependency vulnerabilities. We scanned Kafka version 3.2.3 on 9/20.
The scan result detected the following instances of vulnerability severities:
- 12 highs
- 12 mediums
- 1 low
We would like to submit the Mend findings (attached to this ticket) as a bug with the request to update to non-vulnerable library versions. In the attached spreadsheet, column W "Top Fix" has notes on non-vulnerable versions to upgrade to.
Is there an SLA or typical amount of time to remediate vulnerabilities in the Kafka repo?
Thank you.