Source: rabbitmq-server Version: 3.7.18-1 Severity: important Tags: security upstream Control: found -1 3.7.8-4
Hi, The following vulnerability was published for rabbitmq-server. CVE-2019-11287[0]: | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to | 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to | 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management | plugin that is vulnerable to a denial of service attack. The | "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang | format string that will expand and consume the heap, resulting in the | server crashing. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11287 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11287 [1] https://pivotal.io/security/cve-2019-11287 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
