vertx-stomp is vulnerable to Improper Authentication. Vert.x STOMP servers handle client STOMP frames without requiring that a prior CONNECT frame has been answered with a successful CONNECTED frame. This lets clients publish messages or subscribe to destinations, so an attacker can subscribe to a destination or publish a message without prior authentication.
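
The missing check can be modelled as a per-connection state gate. The following is an added example, not code from vertx-stomp or its fix commits; `parse_frame`, `ConnectionGate`, `demo_login` and the sample frames are hypothetical and constructed, and frames are assumed to use LF line endings.

```python
import hmac

# Added example: a model of the per-connection check, not vertx-stomp code.
# ConnectionGate, parse_frame and demo_login are hypothetical names.

def parse_frame(raw: bytes):
    """Split one LF-delimited STOMP frame into (command, headers, body)."""
    head, _, body = raw.partition(b"\n\n")
    lines = head.decode("utf-8").split("\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers.setdefault(key, value)  # repeated header: first entry wins
    return lines[0], headers, body.rstrip(b"\x00")


class ConnectionGate:
    """Tracks whether this connection completed CONNECT -> CONNECTED."""

    def __init__(self, check_login):
        self.check_login = check_login
        self.connected = False

    def handle(self, raw: bytes):
        command, headers, _body = parse_frame(raw)
        if command in ("CONNECT", "STOMP"):
            if self.connected:
                return ("ERROR", "already connected")
            login = headers.get("login", "")
            passcode = headers.get("passcode", "")
            if not self.check_login(login, passcode):
                return ("ERROR", "authentication failed")
            self.connected = True
            return ("CONNECTED", "")
        if not self.connected:
            # The state check: no SEND, SUBSCRIBE, etc. before CONNECTED.
            return ("ERROR", "CONNECT required before " + command)
        return ("ACCEPTED", command)


def demo_login(login: str, passcode: str) -> bool:
    # Constructed credentials for the example only.
    ok_user = hmac.compare_digest(login.encode(), b"alice")
    ok_pass = hmac.compare_digest(passcode.encode(), b"constructed-passcode")
    return ok_user and ok_pass


# Constructed sample frames.
SUBSCRIBE = b"SUBSCRIBE\nid:0\ndestination:/queue/orders\n\n\x00"
BAD_CONNECT = b"CONNECT\naccept-version:1.2\nlogin:alice\npasscode:wrong\n\n\x00"
GOOD_CONNECT = b"CONNECT\naccept-version:1.2\nlogin:alice\npasscode:constructed-passcode\n\n\x00"
```

A failed CONNECT leaves `connected` false, so later SEND or SUBSCRIBE frames on the same connection are still rejected.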
CPE | Name | Operator | Version |
---|---|---|---|
 | vert.x stomp | le | 3.9.15 |
 | vert.x stomp | le | 4.4.1 |
github.com/advisories/GHSA-gvrq-cg5r-7chp
github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b
github.com/vert-x3/vertx-stomp/commit/3c43d9b5bc7ee0ce4dad3bf005e41ccbada7ed49
github.com/vert-x3/vertx-stomp/commit/d910b72dcca54047fb5628c9e8d7c63893cd32fc
github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp