Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial-of-service attack. The "X-Reason" HTTP header can be leveraged to inject a malicious Erlang format string that expands and consumes the heap, causing the server to crash.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| broadcom | rabbitmq_server | 3.8.0 - 3.8.1 | - |
| pivotal_software | rabbitmq | 1.16.0 - 1.16.7 | - |
| pivotal_software | rabbitmq | 1.17.0 - 1.17.4 | - |
| pivotal_software | rabbitmq | 3.7.0 - 3.7.21 | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| redhat | openstack | - | - |
| debian | debian_linux | - | - |

Affected Products: 8
References: 12
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H