VulnerableCode Package Details - pkg:maven/org.apache.pulsar/pulsar-client@2.9.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.pulsar/pulsar-client@2.9.0

purl	pkg:maven/org.apache.pulsar/pulsar-client@2.9.0

Next non-vulnerable version	2.9.3
Latest non-vulnerable version	2.10.1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-p4nm-mzhn-r7eu Aliases: CVE-2022-33681 GHSA-c5fp-x2h5-vjv7	Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM	2.9.3 Affected by 0 other vulnerabilities. 2.10.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-p4nm-mzhn-r7eu
Aliases:
CVE-2022-33681
GHSA-c5fp-x2h5-vjv7

Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

2.9.3
Affected by 0 other vulnerabilities.

2.10.1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:36:00.824652+00:00	GHSA Importer	Affected by	VCID-p4nm-mzhn-r7eu	https://github.com/advisories/GHSA-c5fp-x2h5-vjv7	38.6.0
2026-06-05T17:12:19.620537+00:00	GitLab Importer	Affected by	VCID-p4nm-mzhn-r7eu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.pulsar/pulsar-client/CVE-2022-33681.yml	38.6.0