akka-stream-kafka is vulnerable to Password Disclosure. The vulnerability exists because it does not redact the Consumer or Producer properties in logs, which allows an attacker to read credentials as plaintext through the akka.kafka.internal.KafkaConsumerActor
when debug logging is enabled.
CPE | Name | Operator | Version |
---|---|---|---|
akka-stream-kafka | le | 4.0.0 | |
akka-stream-kafka | le | 4.0.0 | |
akka-stream-kafka | le | 2.0.7 | |
akka-stream-kafka | le | 4.0.0 | |
akka-stream-kafka | le | 4.0.0 | |
akka-stream-kafka | le | 2.0.7 |