Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.typesafe.akka/akka-stream-kafka_2.12@4.0.0

Type maven

Namespace com.typesafe.akka

Name akka-stream-kafka_2.12

Version 4.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.2

Latest_non_vulnerable_version 4.0.2

Affected_by_vulnerabilities

url VCID-he7w-uyzv-suht

vulnerability_id VCID-he7w-uyzv-suht

summary

Lightbend Alpakka Kafka logs credentials on debug level
Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

references

reference_url

https://akka.io/security/alpakka-kafka-cve-2023-29471.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:39:52Z/

url

https://akka.io/security/alpakka-kafka-cve-2023-29471.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29471

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18933
published_at	2026-06-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18973
published_at	2026-06-06T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1886
published_at	2026-06-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18881
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29471

reference_url

https://github.com/akka/alpakka-kafka

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/akka/alpakka-kafka

reference_url

https://github.com/akka/alpakka-kafka/issues/1592

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:39:52Z/

url

https://github.com/akka/alpakka-kafka/issues/1592

reference_url

https://github.com/akka/alpakka-kafka/pull/1614/commits/4011b704e93b22f6fd956aac516c7159d384644c

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/akka/alpakka-kafka/pull/1614/commits/4011b704e93b22f6fd956aac516c7159d384644c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-29471

reference_id

CVE-2023-29471

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-29471

reference_url

https://github.com/advisories/GHSA-55vq-xpjf-r2xc

reference_id

GHSA-55vq-xpjf-r2xc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-55vq-xpjf-r2xc

fixed_packages

url	pkg:maven/com.typesafe.akka/akka-stream-kafka_2.12@4.0.2
purl	pkg:maven/com.typesafe.akka/akka-stream-kafka_2.12@4.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-stream-kafka_2.12@4.0.2

aliases CVE-2023-29471, GHSA-55vq-xpjf-r2xc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he7w-uyzv-suht

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-stream-kafka_2.12@4.0.0

Package Instance