zlib library security vulnerability through to version 1.3
MiikaL opened this issue
Description
We use the Confluent.Kafka NuGet package, which makes use of librdkafka, and we are receiving a security warning about the version of zlib in use:
One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0':
zlib1.dll: CVE-2023-45853(9.8), CVE-2002-0059(9.8), CVE-2022-37434(9.8)
https://nvd.nist.gov/vuln/detail/CVE-2023-45853
Checklist
IMPORTANT: We will close issues where the checklist has not been completed.
Please provide the following information:
- librdkafka version (release number or git tag): 2.3.1
- Apache Kafka version: N/A
- librdkafka client configuration: N/A
- Operating system: Windows
- Provide logs (with debug=.. as necessary) from librdkafka
- Provide broker log excerpts
- Critical issue
Thank you for the report. We are in the process of resolving this issue.