python-qpid-proton 0.11.1.post1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the python-qpid-proton package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Certificate Validation python-qpid-proton is a lightweight messaging library. Affected versions of this package are vulnerable to Improper Certificate Validation. Under some circumstances, Apache Qpid Proton (The C library and its language bindings) can connect to a peer anonymously using TLS, even when configured to verify the peer certificate, while used with OpenSSL versions before 1.1.0. Exploiting this vulnerability is possible if an attacker can arrange to intercept TLS traffic. How to fix Improper Certificate Validation? Upgrade `python-qpid-proton` to version 0.27.1 or higher.	[0.9.1,0.27.1)
M Man-in-the-Middle (MitM) python-qpid-proton is a lightweight messaging library. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The `proton.reactor.Connector`, `proton.reactor.Container`, and `proton.utils.BlockingConnection` classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an `amqps` URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. How to fix Man-in-the-Middle (MitM)? Upgrade `python-qpid-proton` to version 0.12.1 or higher.	[,0.12.1)

Vulnerability

Vulnerable Version

Improper Certificate Validation

python-qpid-proton is a lightweight messaging library.

Affected versions of this package are vulnerable to Improper Certificate Validation. Under some circumstances, Apache Qpid Proton (The C library and its language bindings) can connect to a peer anonymously using TLS, even when configured to verify the peer certificate, while used with OpenSSL versions before 1.1.0. Exploiting this vulnerability is possible if an attacker can arrange to intercept TLS traffic.

How to fix Improper Certificate Validation?

Upgrade python-qpid-proton to version 0.27.1 or higher.

[0.9.1,0.27.1)

Man-in-the-Middle (MitM)

python-qpid-proton is a lightweight messaging library.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The proton.reactor.Connector, proton.reactor.Container, and proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

How to fix Man-in-the-Middle (MitM)?

Upgrade python-qpid-proton to version 0.12.1 or higher.

[,0.12.1)

python-qpid-proton@0.11.1.post1 vulnerabilities

An AMQP based messaging library.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically