com.rabbitmq:amqp-client@3.1.0 vulnerabilities

  • latest version

    5.24.0

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    12 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the com.rabbitmq:amqp-client package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Resource Exhaustion

    Affected versions of this package are vulnerable to Resource Exhaustion in DirectMessageListenerContainer.java, which does not use maxBodyLebgth. An attacker can cause a memory overflow and trigger an Out Of Memory error by sending a very large Message object.

    How to fix Resource Exhaustion?

    Upgrade com.rabbitmq:amqp-client to version 5.14.3, 5.16.1, 5.17.1 or higher.

    [,5.14.3)[5.15.0,5.16.1)[5.17.0,5.17.1)
    • C
    Man-in-the-Middle (MitM)

    Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

    How to fix Man-in-the-Middle (MitM)?

    Upgrade com.rabbitmq:amqp-client to version 4.8.0, 5.4.0 or higher.

    [,4.8.0)[5.0.0,5.4.0)