Does CVE-2018-11087 affect RabbitMQ 4.1.4? #14760
Describe the bug

Our security software, BlackDuck, has flagged RabbitMQ 4.1.4 as having the issue CVE-2018-11087. This seems like an old issue, but was just recently updated. The CVE flags the components "spring_advanced_message_queuing_protocol" and "rabbitmq_java_client" as the affected components.

Reproduction steps

N/A

Expected behavior

N/A

Additional context

No response
Replies: 1 comment
@harrisa-opentext https://nvd.nist.gov/vuln/detail/CVE-2018-11087 is a Spring AMQP vulnerability, not a RabbitMQ one. Spring AMQP is a library that can be used with any reasonably recent RabbitMQ version.

Consider upgrading your apps to use a more recent version of Spring AMQP. There's a very good chance that no RabbitMQ version changes will be necessary.