Description
LibCurl
CVE-2024-7264
Librdkafka uses libcurl 8.8.0, but this version is impacted by the CVE-2024-7264 vulnerability and therefore should be upgraded to version 8.9.1 or higher.
OpenSSL
CVE-2024-6119
CVE-2024-5535
CVE-2024-4741
CVE-2024-4603
CVE-2024-2511
Librdkafka uses OpenSSL 3.0.13, but this version is impacted by a few vulnerabilities indicated above, so they should upgrade to 3.0.15: Release note
How to reproduce
No need, it is part of the librdkafka code:
code link for libcurl
code link for openssl
Checklist
IMPORTANT: We will close issues where the checklist has not been completed.
Please provide the following information:
v2.5.0