com.rabbitmq:amqp-client

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.rabbitmq:amqp-clientpage 1 of 1

CVE-2018-11087MEDIUMCVSS 5.9EG 5.9✓ Fixed in 5.4.0
2018-09-14
vulnerable: 5.0.0 ... 5.3.0 (6 versions)
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to vie…
CVE-2023-46120MEDIUMCVSS 4.9EG 4.9✓ Fixed in 5.18.0
2023-10-25
vulnerable: 1.3.0 ... 5.9.0 (134 versions)
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memor…

Check whether com.rabbitmq:amqp-client is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.rabbitmq:amqp-client CVEs against the assets you own.

Start Free Scan →