CVE-2020-27217

CVE-2020-27217 : In Eclipse Hono versions 1.3.0 and 1.4.0, the AMQP protocol adapter does not verify the size of AMQP messages from devices. A device could send messages larger than the max-message-size indicated during link establishment; an ill-intentioned AMQP 1.0 client could exploit this to ...

CVE-2020-27220

CVE-2020-27220 affects the Eclipse Hono AMQP and MQTT protocol adapters. The root cause is a missing authorization check: an authenticated gateway device may receive command & control messages intended for a different device within the same tenant if it has subscribed only to commands for that de...