Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Rabbitmq Security Vulnerabilities

cve
cve

CVE-2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API....

4.9CVSS

6.5AI Score

0.001EPSS

2023-10-25 06:17 PM
177
cve
cve

CVE-2020-36282

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage...

9.8CVSS

9.6AI Score

0.004EPSS

2021-03-12 01:15 AM
67
5
cve
cve

CVE-2019-18609

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than...

9.8CVSS

9.3AI Score

0.007EPSS

2019-12-01 10:15 PM
115
cve
cve

CVE-2023-46120

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may.....

7.5CVSS

6.8AI Score

0.002EPSS

2023-10-25 06:17 PM
127
cve
cve

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

7.5CVSS

7.4AI Score

0.001EPSS

2022-10-06 06:16 PM
78
11
cve
cve

CVE-2023-35789

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-06-16 09:15 PM
33
cve
cve

CVE-2021-32719

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...

4.8CVSS

5.4AI Score

0.001EPSS

2021-06-28 04:15 PM
109
4
cve
cve

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper <script> tag sanitization, potentially allowing for JavaScript code executi...

5.4CVSS

5.7AI Score

0.001EPSS

2021-06-28 03:15 PM
106
6