Lucene search
K

7 matches found

Veracode
Veracode
added 2026/04/29 10:52 a.m.10 views

Improper Hostname Verification

Spring Boot is vulnerable to improper hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by impersonating the RabbitMQ broker...

9.1CVSS5.2AI score0.00157EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/22 4:11 p.m.6 views

CVE-2020-11981

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands...

9.8CVSS6.8AI score0.3398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2023/10/26 6:27 p.m.44 views

CVE-2023-34050

A flaw was found in Spring Framework AMQP. An allowed list exists in Spring AMQP, but when no allowed list is provided, all classes could be deserialized, allowing a malicious user to send harmful content to the broker. Mitigation An application may be vulnerable if: - The SimpleMessageConverter...

4.3CVSS6.9AI score0.01537EPSS
Exploits0References4
NVD
NVD
added 2023/10/19 8:15 a.m.18 views

CVE-2023-34050

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

5CVSS5.2AI score0.01537EPSS
Exploits0References1
OSV
OSV
added 2023/10/19 7:11 a.m.36 views

CVE-2023-34050 Spring AMQP Deserialization Vulnerability

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

5CVSS6.2AI score0.01537EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/18 12:0 a.m.6 views

PT-2023-6408 · Spring · Spring Amqp

Name of the Vulnerable Software and Affected Versions: Spring AMQP versions 1.0.0 through 2.4.16 Spring AMQP versions 3.0.0 through 3.0.9 Description: The issue is related to shortcomings in the deserialization mechanism of the Spring AMQP RabbitMQ application. This could allow a remote attacker ...

6.8CVSS4.6AI score0.01537EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2019/12/10 12:0 a.m.31 views

Fedora 30 : librabbitmq (2019-dd7c8f5435)

Added: - amqpsslsocketgetcontext can be used to get the current OpenSSL CTX associated with a connection. Changed: - openssl: missing OpenSSL config is ignored as an OpenSSL init error 523 - AMQPDEFAULTMAXCHANNELS is now set to 2047 to follow current default channel limit in the RabbitMQ broker...

9.8CVSS8.2AI score0.03317EPSS
Exploits0References2
Rows per page
Query Builder