Lucene search
Veracode Vulnerability DatabaseVERACODE:40519HistoryMay 15, 2023 - 3:47 a.m.
Improper Authentication
2023-05-1503:47:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
vertx-stomp
vulnerability
authentication
software
stomp
servers
client frames
attacker
subscribe
0.001 Low
EPSS
Percentile
41.3%
vertx-stomp is vulnerable to Improper Authentication. Without requiring a prior CONNECT frame reply with a successful CONNECTED frame, Vert.x STOMP servers handle client STOMP frames, enabling clients to publish messages or subscribe to destinations, resulting in an attacker subscribing to a destination or publish message without prior authentication.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vert.x stomp | le | 3.9.15 | |
| vert.x stomp | le | 4.4.1 | |
| vert.x stomp | le | 3.9.15 | |
| vert.x stomp | le | 4.4.1 |
References
github.com/advisories/GHSA-gvrq-cg5r-7chp
github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b
github.com/vert-x3/vertx-stomp/commit/3c43d9b5bc7ee0ce4dad3bf005e41ccbada7ed49
github.com/vert-x3/vertx-stomp/commit/d910b72dcca54047fb5628c9e8d7c63893cd32fc
github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp
Related
osv
osv
Vert.x STOMP server process client frames that would not send initially a connect frame
2023-05-12 20:20:19
CVE-2023-32081
2023-05-12 14:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-32081
2023-05-12 14:15:10
redhatcve
redhatcve
CVE-2023-32081
2023-05-24 15:40:44
github
github
prion
prion
Authentication flaw
2023-05-12 14:15:00
cve
cve
CVE-2023-32081
2023-05-12 14:15:10