Maven package
org.apache.qpid/proton-j
pkg:maven/org.apache.qpid/proton-j
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-0223 | — | | | >= 0.9, < 0.27.1 | 0.27.1 | Apr 23, 2019 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenS |
| CVE-2018-17187 | — | | | >= 0.3, < 0.30.0 | 0.30.0 | Nov 13, 2018 | The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certi |
| CVE-2016-2166 | Med | 6.5 | | < 0.12.1 | 0.12.1 | Apr 12, 2016 | The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middl |