AIKIDO-2024-10324

kafka-connect-client is vulnerable to Inadequate Encryption Strength

Inadequate Encryption Strength Pre-CVE Published Oct 7, 2024

High Risk

This Affects:

kafka-connect-client

1.0.0 - 4.0.4

Fixed in 4.0.5

Are you affected? Scan for Free

TL;DR

Affected versions of the package are vulnerable to inadequate encryption strength. They support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks, compromising the confidentiality and integrity of data.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

kafka-connect-client is vulnerable to Inadequate Encryption Strength in versions 1.0.0 - 4.0.4.

How to fix this

Upgrade the org.sourcelab:kafka-connect-client library to the patch version.

High Risk

This Affects:

kafka-connect-client

1.0.0 - 4.0.4

Fixed in 4.0.5

Are you affected? Scan for Free

Links

github.com/SourceLabOrg/kafka-connect-client/releases/tag/v4.0.5

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free

Book a Demo

Free. No credit card required.

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Stay up to date with all updates

LinkedIn YouTube X

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2Compliant

ISO 27001Compliant