Vulnerability Reportdebezium/connect:2.7.3.Final

debezium/connect:2.7.3.Final
DIGESTsha256:997b67feff614549acd20d54bfed398fc73b339881c649d42821c1e55ec9972b

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via SnakeYaml deserialization (CVE-2022-1471), arbitrary file read or SSRF through Kafka client config (CVE-2025-27817), or HTTP request smuggling to bypass REST API security (CVE-2026-2332). Note: CVE-2025-27817 requires specific SASL/OAUTHBEARER configuration, but the other two are exploitable without special conditions. This image must not be used in any production environment until all critical vulnerabilities are patched.

Vulnerabilities

Vulnerability Log

92 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-1471CRITICAL10
org.yaml:snakeyaml
1.33
fixed in 2.0
99.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2025-27817CRITICAL10
org.apache.kafka:kafka-clients
3.7.0
fixed in 3.9.1
62.4%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2026-2332CRITICAL9.1
org.eclipse.jetty:jetty-http
9.4.53.v20231009
fixed in 12.1.7, 12.0.33
1.1%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2025-48734HIGH7.04
commons-beanutils:commons-beanutils
1.9.4
fixed in 1.11.0
1.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-47561HIGH7.04
org.apache.avro:avro
1.11.1
fixed in 1.11.4
3.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-54512MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.13.4.2
fixed in 2.18.8, 3.1.4, 2.21.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-54513MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.13.4.2
fixed in 2.18.8, 2.21.4, 3.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-54512MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.16.0
fixed in 2.18.8, 3.1.4, 2.21.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-54513MEDIUM6.88
com.fasterxml.jackson.core:jackson-databind
2.16.0
fixed in 2.18.8, 2.21.4, 3.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-44249MEDIUM6.88
io.netty:netty-handler
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27830MEDIUM6.8
com.mchange:c3p0
0.9.5.5
fixed in 0.12.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-27818MEDIUM6.8
org.apache.kafka:kafka_2.13
3.7.0
fixed in 3.9.1
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-8184MEDIUM6.5
org.eclipse.jetty:jetty-server
9.4.53.v20231009
fixed in 12.0.9, 10.0.24, 11.0.24, 9.4.56
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-52999MEDIUM6.38
com.fasterxml.jackson.core:jackson-core
2.13.4
fixed in 2.15.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-50193MEDIUM6.38
com.fasterxml.jackson.core:jackson-databind
2.13.4.2
fixed in 2.14.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-55163MEDIUM6.38
io.grpc:grpc-netty-shaded
1.49.0
fixed in 1.75.0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42583MEDIUM6.38
io.netty:netty-codec
4.1.100.Final
fixed in 4.1.133.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58057MEDIUM6.38
io.netty:netty-codec
4.1.100.Final
fixed in 4.1.125.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33870MEDIUM6.38
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.1.132.Final, 4.2.10.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42587MEDIUM6.38
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-42585MEDIUM6.38
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-58056MEDIUM6.38
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.1.125.Final, 4.2.5.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-55163MEDIUM6.38
io.netty:netty-codec-http2
4.1.100.Final
fixed in 4.2.4.Final, 4.1.124.Final
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42587MEDIUM6.38
io.netty:netty-codec-http2
4.1.100.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-48043MEDIUM6.38
io.netty:netty-codec-http2
4.1.100.Final
fixed in 4.1.135.Final, 4.2.15.Final
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-45416MEDIUM6.38
io.netty:netty-handler
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-50010MEDIUM6.38
io.netty:netty-handler
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42578MEDIUM6.38
io.netty:netty-handler-proxy
4.1.100.Final
fixed in 4.1.133.Final, 4.2.13.Final
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-45292MEDIUM6.38
io.opentelemetry:opentelemetry-api
1.23.1
fixed in 1.62.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-29371MEDIUM6.38
org.bitbucket.b_c:jose4j
0.9.4
fixed in 0.9.6
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-9823MEDIUM6.38
org.eclipse.jetty:jetty-servlets
9.4.53.v20231009
fixed in 9.4.54, 10.0.18, 11.0.18
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-66566MEDIUM6.38
org.lz4:lz4-java
1.8.0
No fix yet
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42198MEDIUM6.38
org.postgresql:postgresql
42.6.1
fixed in 42.7.11
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-56128MEDIUM6.29
org.apache.kafka:kafka_2.13
3.7.0
fixed in 3.7.2, 3.8.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-24281MEDIUM6.29
org.apache.zookeeper:zookeeper
3.8.3
fixed in 3.8.6, 3.9.5
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42584MEDIUM6.18
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2024-13009MEDIUM6.12
org.eclipse.jetty:jetty-server
9.4.53.v20231009
fixed in 9.4.57.v20241219
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-2976MEDIUM6.03
com.google.guava:guava
30.1.1-jre
fixed in 32.0.0-android
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-2976MEDIUM6.03
com.google.guava:guava
31.1-jre
fixed in 32.0.0-android
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-7254MEDIUM6
com.google.protobuf:protobuf-java
3.21.7
fixed in 3.25.5, 4.27.5, 4.28.2
2.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-7254MEDIUM6
com.google.protobuf:protobuf-java
3.23.4
fixed in 3.25.5, 4.27.5, 4.28.2
2.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-7254MEDIUM6
com.google.protobuf:protobuf-java
3.25.2
fixed in 3.25.5, 4.27.5, 4.28.2
2.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-39410MEDIUM6
org.apache.avro:avro
1.11.1
fixed in 1.11.3
1.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-24308MEDIUM6
org.apache.zookeeper:zookeeper
3.8.3
fixed in 3.9.5, 3.8.6
1.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-45688MEDIUM6
org.json:json
20220320
fixed in 20230227
1.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-5072MEDIUM6
org.json:json
20220320
fixed in 20231013
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-67030MEDIUM5.98
org.codehaus.plexus:plexus-utils
3.3.1
fixed in 4.0.3, 3.6.1
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2024-2700MEDIUM5.95
io.quarkus:quarkus-core
2.14.0.Final
fixed in 3.9.2, 3.8.4, 3.2.12.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-45673MEDIUM5.78
io.netty:netty-resolver-dns
4.1.111.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-35554MEDIUM5.78
org.apache.kafka:kafka-clients
3.7.0
fixed in 3.9.2, 4.0.2, 4.1.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-23944MEDIUM5.61
org.apache.zookeeper:zookeeper
3.8.3
fixed in 3.8.4, 3.9.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-67735MEDIUM5.52
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.8.Final, 4.1.129.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-41417MEDIUM5.52
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.1.133.Final, 4.2.13.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42580MEDIUM5.52
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-11143MEDIUM5.52
org.eclipse.jetty:jetty-http
9.4.53.v20231009
fixed in 12.0.31, 12.1.5
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-12183MEDIUM5.52
org.lz4:lz4-java
1.8.0
fixed in 1.8.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-29025MEDIUM5.3
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.1.108.Final
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-31141MEDIUM5.3
org.apache.kafka:kafka-clients
3.7.0
fixed in 3.7.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2024-47535MEDIUM4.67
io.netty:netty-common
4.1.100.Final
fixed in 4.1.115.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-25193MEDIUM4.67
io.netty:netty-common
4.1.100.Final
fixed in 4.1.118.Final
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-25710MEDIUM4.67
org.apache.commons:commons-compress
1.21
fixed in 1.26.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-26308MEDIUM4.67
org.apache.commons:commons-compress
1.21
fixed in 1.26.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-54514MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.13.4.2
fixed in 2.18.8, 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54515MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.13.4.2
fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-54514MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.16.0
fixed in 2.18.8, 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54515MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.16.0
fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50020MEDIUM4.5
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-47244MEDIUM4.5
io.netty:netty-codec-http2
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50560MEDIUM4.5
io.netty:netty-codec-http2
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-6763MEDIUM4.5
org.eclipse.jetty:jetty-http
9.4.53.v20231009
fixed in 12.0.12
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-3588MEDIUM4.5
org.jsonschema2pojo:jsonschema2pojo-core
1.1.1
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-47554MEDIUM4.3
commons-io:commons-io
2.11.0
fixed in 2.14.0
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-48924LOW3.7
org.apache.commons:commons-lang3
3.12.0
fixed in 3.18.0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-48924LOW3.7
org.apache.commons:commons-lang3
3.8.1
fixed in 3.18.0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-45536LOW3.4
io.netty:netty-transport-native-epoll
4.1.100.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45536LOW3.4
io.netty:netty-transport-native-epoll
4.1.111.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45674LOW3.06
io.netty:netty-resolver-dns
4.1.111.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-47691LOW3.06
io.netty:netty-resolver-dns
4.1.111.Final
fixed in 4.2.15.Final, 4.1.135.Final
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-27727LOW3
com.mchange:mchange-commons-java
0.2.19
fixed in 0.4.0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-42581LOW3
io.netty:netty-codec-http
4.1.100.Final
fixed in 4.2.13.Final, 4.1.133.Final
0.6%
Theoretical Threat
Post-Exploit
CVE-2020-8908LOW2.8
com.google.guava:guava
30.1.1-jre
fixed in 32.0.0-android
1.0%
Theoretical Threat
Directly Exposed
CVE-2020-8908LOW2.8
com.google.guava:guava
31.1-jre
fixed in 32.0.0-android
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42579LOW2.78
io.netty:netty-codec-dns
4.1.111.Final
fixed in 4.2.13.Final, 4.1.133.Final
1.0%
Theoretical Threat
Post-Exploit
CVE-2026-33871LOW2.7
io.netty:netty-codec-http2
4.1.100.Final
fixed in 4.1.132.Final, 4.2.11.Final
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-24970LOW2.7
io.netty:netty-handler
4.1.100.Final
fixed in 4.1.118.Final
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2023-2974LOW2.48
io.quarkus:quarkus-core
2.14.0.Final
fixed in 2.16.8.Final
0.9%
Theoretical Threat
Post-Exploit
CVE-2025-48924NONE0
commons-lang:commons-lang
2.6
No fix yet
2.2%
Low-Moderate Risk
Not Applicable
GHSA-72hv-8253-57qqNONE0
com.fasterxml.jackson.core:jackson-core
2.13.4
fixed in 2.21.1, 2.18.6
Not Applicable
GHSA-72hv-8253-57qqNONE0
com.fasterxml.jackson.core:jackson-core
2.16.0
fixed in 2.21.1, 2.18.6
Not Applicable
CVE-2026-33558NONE0
org.apache.kafka:kafka-clients
3.7.0
fixed in 3.9.2, 4.0.1
0.5%
Theoretical Threat
Not Applicable
GHSA-2r2c-cx56-8933NONE0
org.jline:jline-remote-telnet
3.22.0
fixed in 4.2.1
Not Applicable
GHSA-47qp-hqvx-6r3fNONE0
org.jline:jline-remote-telnet
3.22.0
fixed in 4.2.1
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.