1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-W4G2-9HJ6-5472

[MAVEN:GHSA-W4G2-9HJ6-5472] Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp

Severity Moderate
Affected Packages 4
Fixed Packages 4
CVEs 1
Info Packages References Vulnerabilities

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

Package Affected Version
pkg:maven/org.springframework.amqp/spring-amqp < 1.7.10
pkg:maven/org.springframework.amqp/spring-amqp >= 2.0.0, < 2.0.6
pkg:maven/com.rabbitmq/amqp-client >= 5.0.0, < 5.4.0
pkg:maven/com.rabbitmq/amqp-client < 4.8.0
Package Fixed Version
pkg:maven/org.springframework.amqp/spring-amqp = 1.7.10
pkg:maven/org.springframework.amqp/spring-amqp = 2.0.6
pkg:maven/com.rabbitmq/amqp-client = 5.4.0
pkg:maven/com.rabbitmq/amqp-client = 4.8.0
ID
MAVEN:GHSA-W4G2-9HJ6-5472
Severity
moderate
URL
https://github.com/advisories/GHSA-w4g2-9hj6-5472
Published
2018-10-18T18:06:08
(6 years ago)
Modified
2023-01-09T05:03:38
(20 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.springframework.amqp/spring-amqp org.springframework.amqp spring-amqp < 1.7.10
Fixed pkg:maven/org.springframework.amqp/spring-amqp org.springframework.amqp spring-amqp = 1.7.10
Affected pkg:maven/org.springframework.amqp/spring-amqp org.springframework.amqp spring-amqp >= 2.0.0 < 2.0.6
Fixed pkg:maven/org.springframework.amqp/spring-amqp org.springframework.amqp spring-amqp = 2.0.6
Affected pkg:maven/com.rabbitmq/amqp-client com.rabbitmq amqp-client >= 5.0.0 < 5.4.0
Fixed pkg:maven/com.rabbitmq/amqp-client com.rabbitmq amqp-client = 5.4.0
Affected pkg:maven/com.rabbitmq/amqp-client com.rabbitmq amqp-client < 4.8.0
Fixed pkg:maven/com.rabbitmq/amqp-client com.rabbitmq amqp-client = 4.8.0
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date