Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.pulsar/pulsar-websocket@2.11.2
purl pkg:maven/org.apache.pulsar/pulsar-websocket@2.11.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-c4mz-mrrx-63g2 Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions. CVE-2023-37544
GHSA-83q5-whqp-r8jr

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-07T20:51:21.839949+00:00 GHSA Importer Fixing VCID-c4mz-mrrx-63g2 https://github.com/advisories/GHSA-83q5-whqp-r8jr 38.6.0
2026-06-04T17:17:26.472761+00:00 GithubOSV Importer Fixing VCID-c4mz-mrrx-63g2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-83q5-whqp-r8jr/GHSA-83q5-whqp-r8jr.json 38.6.0
2026-06-02T04:46:42.752753+00:00 GitLab Importer Fixing VCID-c4mz-mrrx-63g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.pulsar/pulsar-websocket/CVE-2023-37544.yml 38.6.0