vmware

rabbitmq_java_client

2 known vulnerabilities · sorted by CVSS score

CVE-2018-11087

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

pivotal_software / spring_advanced_message_queuing_protocol+3

Network

Published Sep 14, 2018

CVE-2023-46120

MEDIUM4.9

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

vmware / rabbitmq_java_client

Network

Published Oct 25, 2023