com.itv:bucky-example_2.11 (>=0.10 <=1.4.5), com.itv:bucky-example_2.12 (>=0.10 <=1.4.5) +4 more potentially affected by CVE-2016-8741 via org.apache.qpid:qpid-broker (=6.0.4)

org.apache.qpid:qpid-broker MAVEN version =6.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.qpid:qpid-broker and may be impacted: - com.itv:bucky-example2.11 =0.10, =0.10, =0.10, =0.10, =1.4.5 - com.itv:bucky-wiring2.11 =1.4.5 -...

CVE-2016-8741

Apache Qpid Broker for Java (6.0.x before 6.0.6; 6.1.x before 6.1.1) is affected. The SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProviders prematurely terminate SCRAM SASL negotiation when the provided username does not exist, enabling remote attackers to determine whether a user exists. The iss...