Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.pulsar/pulsar@2.11.1
Type maven
Namespace org.apache.pulsar
Name pulsar
Version 2.11.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bsyh-2rap-33h2
vulnerability_id VCID-bsyh-2rap-33h2
summary
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.

This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.

When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.

The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.

2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.
2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.
3.0 Pulsar Function Worker users are unaffected.
Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30429
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23427
published_at 2026-06-05T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23367
published_at 2026-06-07T12:55:00Z
2
value 0.00078
scoring_system epss
scoring_elements 0.23415
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30429
1
reference_url https://github.com/apache/pulsar
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/pulsar
2
reference_url https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T20:40:14Z/
url https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30429
reference_id CVE-2023-30429
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30429
4
reference_url https://github.com/advisories/GHSA-g9cv-v3v4-3h8r
reference_id GHSA-g9cv-v3v4-3h8r
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g9cv-v3v4-3h8r
fixed_packages
0
url pkg:maven/org.apache.pulsar/pulsar@2.10.4
purl pkg:maven/org.apache.pulsar/pulsar@2.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar@2.10.4
1
url pkg:maven/org.apache.pulsar/pulsar@2.11.1
purl pkg:maven/org.apache.pulsar/pulsar@2.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar@2.11.1
aliases CVE-2023-30429, GHSA-g9cv-v3v4-3h8r
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsyh-2rap-33h2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.pulsar/pulsar@2.11.1