2 matches found
com.confluex:qpid-in-a-can (=0.2.0), com.dell.cpsd.common.messaging:common-testing (=1.5.0) +22 more potentially affected by CVE-2016-4432 via org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (>=0.24 <=6.0.2)
org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol MAVEN version =0.24, =2.0.0, =1.0.0, =0.1, =0.1, =10.0.0, =0.24, =0.24, =0.24, =10.0.0, =10.0.1 and more Source cves: CVE-2016-4432 Source advisory: OSV:GHSA-Q66C-H853-GQW2...
CVE-2016-4432
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...