fouadsemaan commented on pull request #7898: URL: https://github.com/apache/kafka/pull/7898#issuecomment-788957476
> > @dongjinleekr we're using strimzi/kafka / 0.21.0-kafka-2.7.0
> > Our SCA scanning Tool (JFrog XRay) found this CVE among many others (speaking of third party lib CVEs only).
> > We're just wondering if there's a way (e.g. via message sanitizing or logging config adjustments, etc.) to be sure the mentioned CVE cannot be exploited.
> > I have a similar question, can this security vulnerability [CVE-2019-17571](https://github.com/advisories/GHSA-2qrg-x229-3v8q) get exploited? I use the Kafka operator from Banzaicloud 0.12.3/ kafka:2.13-2.6.0
> > When will the custom release be available?
> > Thanks

To @priyavj08's question, is the vulnerability invoked by Kafka or does it lie dormant?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: us...@infra.apache.org