Our security scans detected a security vulnerability in a package that is used in Searchguard.
Could you please upgrade this package to resolve the issue, or state that Searchguard is not vulnerable to this?
Describe the issue:
Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use
Arrays.equals to validate a password or key, which is vulnerable to brute force attacks by malicious users.
Upgrade org.apache.kafka:kafka-clients to version 2.8.1, 2.7.2 or higher.
ID: VULNDB-268486, CVE-2021-38153
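
The comparison problem described in the report, shown as an added Java example that is not part of the original post and is not taken from Kafka or Search Guard code. It contrasts a data-dependent `Arrays.equals` check with the JDK's `MessageDigest.isEqual`; the class name, helper names and sample secret are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added illustration: all names and sample values here are constructed.
public class SecretCompare {

    // Models an early-exit comparison: returns how many bytes were examined
    // before the loop stopped. The count depends on where the first mismatch is,
    // which is the data-dependent behaviour a timing attack measures.
    static int bytesExaminedEarlyExit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) {
            return 0;
        }
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) {
                return i + 1;
            }
        }
        return expected.length;
    }

    // Pattern named in the advisory: work done varies with the supplied value.
    static boolean unsafeMatches(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // JDK comparison that examines every byte regardless of where bytes differ.
    static boolean safeMatches(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) {
        byte[] secret = "s3cr3t-token-0001".getBytes(StandardCharsets.UTF_8); // constructed
        String[] candidates = {
            "x3cr3t-token-0001",   // differs at the first byte
            "s3cr3t-tokex-0001",   // differs near the middle
            "s3cr3t-token-0001"    // exact match
        };
        for (String c : candidates) {
            byte[] supplied = c.getBytes(StandardCharsets.UTF_8);
            System.out.printf("%s examined=%d unsafe=%b safe=%b%n",
                c, bytesExaminedEarlyExit(secret, supplied),
                unsafeMatches(secret, supplied), safeMatches(secret, supplied));
        }
    }
}
```

Both methods return the same boolean for every input; only the amount of work per call differs, which is why this class of finding is resolved by swapping the comparison or upgrading the dependency rather than by changing call sites' logic.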