3 matches found
cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)
io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...
CVE-2023-32081
Vert.x STOMP server allows clients to subscribe/publish without prior authentication by accepting STOMP frames before a valid initial CONNECT frame. Affects Vert.x STOMP servers in versions 3.1.0–3.9.16 and 4.0.0–4.4.2; root cause is failure to validate the initial CONNECT frame before replying w...
CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...