Description
Kafka 3.2.1 is using ZooKeeper, which is affected by CVE-2021-37136 and CVE-2021-37137:
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584063] in io.netty:netty-codec@4.1.63.Final
  introduced by org.apache.kafka:kafka_2.13@3.2.1 > org.apache.zookeeper:zookeeper@3.6.3 > io.netty:netty-handler@4.1.63.Final > io.netty:netty-codec@4.1.63.Final
  This issue was fixed in versions: 4.1.68.Final

✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584064] in io.netty:netty-codec@4.1.63.Final
  introduced by org.apache.kafka:kafka_2.13@3.2.1 > org.apache.zookeeper:zookeeper@3.6.3 > io.netty:netty-handler@4.1.63.Final > io.netty:netty-codec@4.1.63.Final
  This issue was fixed in versions: 4.1.68.Final
The issues were fixed in the next versions of ZooKeeper (starting from 3.6.4). ZooKeeper 3.7.1 is the next stable release at the moment.