GHSA-7xr3-rgwh-pw22
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7xr3-rgwh-pw22
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-7xr3-rgwh-pw22/GHSA-7xr3-rgwh-pw22.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7xr3-rgwh-pw22
- Aliases
- Published
- 2018-10-16T19:50:39Z
- Modified
- 2024-03-04T23:46:59.499172Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
- Details
-
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:23:45Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-8030
- https://github.com/apache/qpid-broker-j/commit/025b48f3193e2b10b1c41d2bc3bcfc9cfc238a27
- https://github.com/advisories/GHSA-7xr3-rgwh-pw22
- https://github.com/apache/qpid-broker-j
- https://issues.apache.org/jira/browse/QPID-8203
- https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E
- http://www.securitytracker.com/id/1041138
Affected packages
Maven / org.apache.qpid:apache-qpid-broker-j
Package
- Name
- org.apache.qpid:apache-qpid-broker-j
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.qpid/apache-qpid-broker-j