[Bug] Postgresql has a vulnerability CVE-2024-1597

Open nikhil-ctds opened this issue 9 months ago • 0 comments

Search before asking

  • [X] I searched in the issues and found nothing similar.

Read release policy

  • [X] I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker.

Version

Version - 3.3.0-SNAPSHOT Branch - master

Minimal reproduce step

Ran owasp-dependency-check

What did you expect to see?

No Vulnerabilities

What did you see instead?

[ERROR] postgresql-42.5.0.jar: CVE-2024-1597(9.8)
[ERROR] postgresql-42.5.1.jar: CVE-2024-1597(9.8)

Found a critical vulnerability in org.postgresql:postgresql versions 42.5.1 (used for the jdbc connector) and 42.5.0 (used for the debezium connector): CVE-2024-1597. GitHub Advisory link: https://github.com/advisories/GHSA-24rp-q3w6-vc56

Anything else?

No response

Are you willing to submit a PR?

  • [ ] I'm willing to submit a PR!

nikhil-ctds, May 01 '24 07:05