Rewterz Threat Advisory – CVE-2021-20492 – IBM WebSphere Application Server XML external entity injection
May 27, 2021Rewterz Threat Alert – Lazarus APT Group Targeting China – IOCs
May 27, 2021Rewterz Threat Advisory – CVE-2021-20492 – IBM WebSphere Application Server XML external entity injection
May 27, 2021Rewterz Threat Alert – Lazarus APT Group Targeting China – IOCs
May 27, 2021Severity
Medium
Analysis Summary
CVE-2021-22160
Apache Pulsar could allow a remote attacker to obtain sensitive information, caused by a flaw when using tokens based on JSON Web Tokens (JWT). By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
Information Disclosure
Affected Vendors
Apache
Affected Products
Apache Pulsar 2.7.0
Remediation
Upgrade to the latest version of Apache Pulsar (2.7.1 or later), and download available patches from https://pulsar.apache.org/