GHSA-w4g2-9hj6-5472
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w4g2-9hj6-5472
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-w4g2-9hj6-5472/GHSA-w4g2-9hj6-5472.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w4g2-9hj6-5472
- Aliases
- Published
- 2018-10-18T18:06:08Z
- Modified
- 2023-11-08T03:59:45.285217Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
- Details
-
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:59:27Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-295" ] }- References
Affected packages
Maven / org.springframework.amqp:spring-amqp
Package
- Name
- org.springframework.amqp:spring-amqp
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.amqp/spring-amqp
Maven / org.springframework.amqp:spring-amqp
Package
- Name
- org.springframework.amqp:spring-amqp
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.amqp/spring-amqp
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.10
Affected versions
1.*
1.0.0.RELEASE
1.1.0.RELEASE
1.1.1.RELEASE
1.1.2.RELEASE
1.1.3.RELEASE
1.1.4.RELEASE
1.2.0.RELEASE
1.2.1.RELEASE
1.2.2.RELEASE
1.3.0.RELEASE
1.3.1.RELEASE
1.3.2.RELEASE
1.3.3.RELEASE
1.3.4.RELEASE
1.3.5.RELEASE
1.3.6.RELEASE
1.3.7.RELEASE
1.3.8.RELEASE
1.3.9.RELEASE
1.4.0.RELEASE
1.4.1.RELEASE
1.4.2.RELEASE
1.4.3.RELEASE
1.4.4.RELEASE
1.4.5.RELEASE
1.4.6.RELEASE
1.5.0.RELEASE
1.5.1.RELEASE
1.5.2.RELEASE
1.5.3.RELEASE
1.5.4.RELEASE
1.5.5.RELEASE
1.5.6.RELEASE
1.5.7.RELEASE
1.6.0.RELEASE
1.6.1.RELEASE
1.6.2.RELEASE
1.6.3.RELEASE
1.6.4.RELEASE
1.6.5.RELEASE
1.6.6.RELEASE
1.6.7.RELEASE
1.6.8.RELEASE
1.6.9.RELEASE
1.6.10.RELEASE
1.6.11.RELEASE
1.7.0.RELEASE
1.7.1.RELEASE
1.7.2.RELEASE
1.7.3.RELEASE
1.7.4.RELEASE
1.7.5.RELEASE
1.7.6.RELEASE
1.7.7.RELEASE
1.7.8.RELEASE
1.7.9.RELEASE
Maven / com.rabbitmq:amqp-client
Package
- Name
- com.rabbitmq:amqp-client
- View open source insights on deps.dev
- Purl
- pkg:maven/com.rabbitmq/amqp-client
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.8.0
Affected versions
1.*
1.3.0
1.5.4
1.5.5
1.6.0
1.7.2
1.8.0
1.8.1
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.3.0
2.3.1
2.4.1
2.5.0
2.5.1
2.6.0
2.6.1
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.3.0
4.4.0
4.4.1
4.4.2
4.5.0
4.6.0
4.7.0
Maven / com.rabbitmq:amqp-client
Package
- Name
- com.rabbitmq:amqp-client
- View open source insights on deps.dev
- Purl
- pkg:maven/com.rabbitmq/amqp-client