Improper Authentication

vertx-stomp is vulnerable to Improper Authentication. Without requiring a prior CONNECT frame reply with a successful CONNECTED frame, Vert.x STOMP servers handle client STOMP frames, enabling clients to publish messages or subscribe to destinations, resulting in an attacker subscribing to a...

cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)

io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

com.nachinius:stomp-for-akka-streams_2.12 (=0.1.2), io.github.davidgregory084:vertices-stomp_2.12 (>=0.1.1 <=0.1.2) +9 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=3.1.0 <=3.9.15)

io.vertx:vertx-stomp MAVEN version =3.1.0, =0.1.1, =0.1.0, =3.4.0, =3.1.0, =3.1.0, =3.4.0, =3.9.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

vert.x-stomp 授权问题漏洞

vert.x-stomp is a STOMP client/server implementation of the Eclipse Vert.x open source. An authorization issue vulnerability exists in vert.x-stomp versions prior to 3.1.0 to 3.9.16 and 4.0.0 to 4.4.2, which stems from a client being able to subscribe to a destination or publish a message without...

PT-2023-23593 · Unknown · Vert.X Stomp

Name of the Vulnerable Software and Affected Versions: Vert.x STOMP versions 3.1.0 through 3.9.16 Vert.x STOMP versions 4.0.0 through 4.4.2 Description: The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame replied with a successful...