5 matches found
EUVD-2023-1547
Malicious code in bioql PyPI...
CVE-2023-32081
A flaw was found in the Vert.X Stomp server. The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame and replied with a successful CONNECTED frame. A malicious user can connect and then create or receive unauthorized content...
Vert.x STOMP server process client frames that would not send initially a connect frame
Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...
GHSA-GVRQ-CG5R-7CHP Vert.x STOMP server process client frames that would not send initially a connect frame
Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...
CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...