2 matches found
Server-Side Request Forgery (SSRF)
apache.nms.amqp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the allow/deny lists mechanism when establishing connections to untrusted AMQP servers. An attacker can achieve arbitrary code execution by crafting malicious responses that exploit unbounded...