VulnerableCode Package Details - pkg:maven/org.apache.zookeeper/zookeeper@3.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-a3pn-rybm-6kdy Aliases: CVE-2018-8012 GHSA-ccqf-c5hq-77mp	Missing Authorization No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.	3.5.4-beta Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.5.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-e41j-4y91-7kd8 Aliases: CVE-2019-0201 GHSA-2hw2-62cp-p9p7	Information disclosure ZooKeeper's `getACL()` command does not check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. `DigestAuthenticationProvider` overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by `getACL()` request for unauthenticated or unprivileged users.	3.5.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wme5-ec4u-jqd8 Aliases: CVE-2017-5637 GHSA-7cwj-j333-x7f7	Missing Authentication for Critical Function Two `wchp` and `wchc` commands are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.	3.5.3-beta Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.5.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-a3pn-rybm-6kdy
Aliases:
CVE-2018-8012
GHSA-ccqf-c5hq-77mp

Missing Authorization No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

3.5.4-beta
Affected by 2 other vulnerabilities.

3.5.4
Affected by 1 other vulnerability.

VCID-e41j-4y91-7kd8
Aliases:
CVE-2019-0201
GHSA-2hw2-62cp-p9p7

Information disclosure ZooKeeper's `getACL()` command does not check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. `DigestAuthenticationProvider` overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by `getACL()` request for unauthenticated or unprivileged users.

3.5.5
Affected by 1 other vulnerability.

VCID-wme5-ec4u-jqd8
Aliases:
CVE-2017-5637
GHSA-7cwj-j333-x7f7

Missing Authentication for Critical Function Two `wchp` and `wchc` commands are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.

3.5.3-beta
Affected by 3 other vulnerabilities.

3.5.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:00:57.592542+00:00	GHSA Importer	Affected by	VCID-wme5-ec4u-jqd8	https://github.com/advisories/GHSA-7cwj-j333-x7f7	38.0.0
2026-04-01T15:57:30.073796+00:00	GHSA Importer	Affected by	VCID-e41j-4y91-7kd8	https://github.com/advisories/GHSA-2hw2-62cp-p9p7	38.0.0
2026-04-01T12:48:29.146254+00:00	GitLab Importer	Affected by	VCID-e41j-4y91-7kd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.zookeeper/zookeeper/CVE-2019-0201.yml	38.0.0
2026-04-01T12:47:40.994384+00:00	GitLab Importer	Affected by	VCID-a3pn-rybm-6kdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.zookeeper/zookeeper/CVE-2018-8012.yml	38.0.0
2026-04-01T12:47:24.259617+00:00	GitLab Importer	Affected by	VCID-wme5-ec4u-jqd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.zookeeper/zookeeper/CVE-2017-5637.yml	38.0.0