CVE-2023-32081
Vert.x STOMP server process client frames that would not send initially a connect frame
6.5
MEDIUM
CVSS 3.1
EPSS 0.35%
描述
### Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. ### Patches The issue is patched in Vert.x 4.4.2 and Vert.x 3.9.16 ### Workarounds No trivial workaround.
如何修補 CVE-2023-32081
要修補 CVE-2023-32081,請將受影響套件升級到下列已修補版本。
- —升級至 3.9.16 或更新版本
CVE-2023-32081 正在被利用嗎?
低 — EPSS 為 0.4%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 3.1.0, < 3.9.16
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |