6 matches found
CVE-2023-46118
CVE-2023-46118 affects RabbitMQ’s HTTP API where no request body size limit was enforced. An authenticated user can send oversized messages via the HTTP API, potentially triggering target node termination by an OOM-like mechanism (DoS). The vulnerability is addressed by patches in RabbitMQ server...
CVE-2019-11291
CVE-2019-11291 affects Pivotal RabbitMQ: 3.7.x before 3.7.20, 3.8.x before 3.8.1, and RabbitMQ for PCF (1.16.x before 1.16.7, 1.17.x before 1.17.4). The underlying issue is improper sanitization of input in the federation and shovel endpoints, enabling a remote authenticated attacker with adminis...
CVE-2021-22116
CVE-2021-22116 affects RabbitMQ prior to 3.8.16, exposing a denial-of-service via improper input validation in the AMQP 1.0 client connection endpoint. A remote attacker can send crafted AMQP messages to a RabbitMQ server with the AMQP 1.0 plugin enabled, potentially crashing the server. Public a...
CVE-2021-32719
CVE-2021-32719 affects RabbitMQ’s rabbitmq-server prior to version 3.8.18 where, when a federation link is shown in the management UI via the rabbitmq_federation_management plugin, the consumer tag is rendered without proper [removed] tag sanitization. This could allow JavaScript execution in the...
CVE-2021-32718
RabbitMQ CVE-2021-32718 affects rabbitmq-server
CVE-2022-31008
CVE-2022-31008 affects RabbitMQ where the shovel and federation plugins obfuscate URI state using an encryption key seeded with a predictable secret. This can, under certain plugin-related exceptions, reveal deobfuscatable data in node logs. Patched versions are 3.10.2, 3.9.18, and 3.8.32. If upg...