Home / os / winme

Kafka UI 0.7.1 Command Injection

Posted on 20 February 2024

A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.

 

TOP