apache / pulsar

Apache Pulsar - distributed pub-sub messaging system

Home Page: https://pulsar.apache.org/

[Bug] Postgresql has a vulnerability CVE-2024-1597

nikhil-ctds opened this issue

Search before asking

  • I searched in the issues and found nothing similar.

Read release policy

  • I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker.

Version

Version - 3.3.0-SNAPSHOT
Branch - master

Minimal reproduce step

Ran owasp-dependency-check

What did you expect to see?

No Vulnerabilities

What did you see instead?

[ERROR] postgresql-42.5.0.jar: CVE-2024-1597(9.8)
[ERROR] postgresql-42.5.1.jar: CVE-2024-1597(9.8)

Found a critical vulnerability in org.postgresql:postgresql versions 42.5.1 (used for the JDBC connector) and 42.5.0 (used for the Debezium connector).
CVE-2024-1597
GitHub advisory link - GHSA-24rp-q3w6-vc56

Anything else?

No response

Are you willing to submit a PR?

  • I'm willing to submit a PR!