CVE-2016-4432: Improper Authentication

October 16, 2018 (updated September 16, 2021)

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

References

github.com/advisories/GHSA-q66c-h853-gqw2
nvd.nist.gov/vuln/detail/CVE-2016-4432

Code Behaviors & Features

Detect and mitigate CVE-2016-4432 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →