pulsar
[Bug] Postgresql has a vulnerability CVE-2024-1597
Search before asking
- [X] I searched in the issues and found nothing similar.
Read release policy
- [X] I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker.
Version
Version - 3.3.0-SNAPSHOT
Branch - master
Minimal reproduce step
Ran owasp-dependency-check
What did you expect to see?
No Vulnerabilities
What did you see instead?
[ERROR] postgresql-42.5.0.jar: CVE-2024-1597(9.8)
[ERROR] postgresql-42.5.1.jar: CVE-2024-1597(9.8)
Found a critical vulnerability, CVE-2024-1597, in org.postgresql:postgresql version 42.5.1 (used for the JDBC connector) and 42.5.0 (used for the Debezium connector).
GitHub Advisory link: https://github.com/advisories/GHSA-24rp-q3w6-vc56
Anything else?
No response
Are you willing to submit a PR?
- [ ] I'm willing to submit a PR!