VYPR

Maven package

org.apache.qpid/proton-j

pkg:maven/org.apache.qpid/proton-j

Vulnerabilities (3)

  • CVE-2019-0223Apr 23, 2019
    affected >= 0.9, < 0.27.1fixed 0.27.1

    While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenS

  • CVE-2018-17187Nov 13, 2018
    affected >= 0.3, < 0.30.0fixed 0.30.0

    The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certi

  • CVE-2016-2166MedApr 12, 2016
    affected < 0.12.1fixed 0.12.1

    The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middl