AZL-39719

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39719.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-39719

Upstream

CVE-2023-50966

Published

2024-03-19T15:15:07Z

Modified

2026-04-01T05:13:51.021329Z

Summary

CVE-2023-50966 affecting package rabbitmq-server for versions less than 3.13.7-1

Details

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-50966

Affected packages

Azure Linux:3 / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:rpm/azure-linux/rabbitmq-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.7-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39719.json"