VYPR
High severityNVD Advisory· Published Apr 23, 2019· Updated Aug 4, 2024

CVE-2019-0223

CVE-2019-0223

Description

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.qpid:proton-jMaven
>= 0.9, < 0.27.10.27.1

Affected products

4

Patches

Vulnerability mechanics

References

25

News mentions

0

No linked articles in our index yet.