GHSA-3xgr-h5hq-7299: 
Java vulnerability analysis and mitigation

The vulnerability (GHSA-3xgr-h5hq-7299) affects the GeoIP processor in Data Prepper versions 2.7.0 through 2.12.2. Discovered and disclosed on October 15, 2025, this moderate severity issue involves improper SSL certificate validation when downloading GeoIP databases from HTTP URLs. The vulnerability specifically impacts the org.opensearch.dataprepper.plugins:geoip-processor Maven package (GitHub Advisory).

The vulnerability stems from a custom SSL implementation that completely bypasses certificate validation when downloading GeoIP databases. The initiateSSL() method was incorrectly implemented to trust all certificates, specifically: accepting all SSL certificates without validation, disabling server certificate verification, disabling client certificate verification, and disabling hostname verification. The vulnerability has a CVSS v3.1 score of 5.9 (Moderate) with the following metrics: Network attack vector, High attack complexity, No privileges required, No user interaction, Unchanged scope, No impact on confidentiality, High impact on integrity, and No impact on availability. The weakness is classified as CWE-295 (Improper Certificate Validation) (GitHub Advisory).

The vulnerability makes database downloads susceptible to man-in-the-middle attacks, potentially allowing attackers to serve malicious GeoIP databases. This could compromise the integrity of geolocation data processing in affected systems (GitHub Advisory).

The vulnerability has been patched in Data Prepper version 2.12.2. For systems where immediate upgrading is not possible, two workarounds are recommended: using local GeoIP database files instead of downloading from HTTP URLs, and ensuring database downloads occur only over trusted networks (GitHub Advisory).