CVE-2020-5419
- Source
- https://cve.org/CVERecord?id=CVE-2020-5419
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-5419.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-5419
- Aliases
- Published
- 2020-08-31T15:15:11.010Z
- Modified
- 2026-04-12T00:01:50.690043Z
- Severity
-
- 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
- References
Affected packages
Git / github.com/rabbitmq/rabbitmq-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rabbitmq/rabbitmq-server
- Events
-
IntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": [ "cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "extracted_events": [ { "introduced": "3.8.0" }, { "fixed": "3.8.7" }, { "introduced": "0" }, { "fixed": "3.7.28" } ] }
Affected versions
Other
rabbitmq_v1_4_0
rabbitmq_v1_5_0
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_2
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_1
rabbitmq_v2_8_0
rabbitmq_v3_0_0
rabbitmq_v3_0_1
rabbitmq_v3_0_2
rabbitmq_v3_0_3
rabbitmq_v3_0_4
rabbitmq_v3_1_1
rabbitmq_v3_1_2
rabbitmq_v3_1_3
rabbitmq_v3_1_4
rabbitmq_v3_1_5
rabbitmq_v3_2_1
rabbitmq_v3_2_2
rabbitmq_v3_2_3
rabbitmq_v3_2_4
rabbitmq_v3_3_0
rabbitmq_v3_3_1
rabbitmq_v3_3_2
rabbitmq_v3_3_3
rabbitmq_v3_3_4
rabbitmq_v3_3_5
rabbitmq_v3_4_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_5_0
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_7_0_milestone1
rabbitmq_v3_7_0_milestone10
rabbitmq_v3_7_0_milestone11
rabbitmq_v3_7_0_milestone12
rabbitmq_v3_7_0_milestone13
rabbitmq_v3_7_0_milestone14
rabbitmq_v3_7_0_milestone15
rabbitmq_v3_7_0_milestone16
rabbitmq_v3_7_0_milestone17
rabbitmq_v3_7_0_milestone18
rabbitmq_v3_7_0_milestone2
rabbitmq_v3_7_0_milestone3
rabbitmq_v3_7_0_milestone4
rabbitmq_v3_7_0_milestone5
rabbitmq_v3_7_0_milestone7
rabbitmq_v3_7_0_milestone8
rabbitmq_v3_7_0_milestone9
v3.*
v3.7.0
v3.7.0-beta.19
v3.7.0-beta.20
v3.7.0-rc.1
v3.7.0-rc.2
v3.7.1
v3.7.1-beta.1
v3.7.10
v3.7.10-rc.1
v3.7.10-rc.2
v3.7.10-rc.3
v3.7.10-rc.4
v3.7.11
v3.7.11-rc.1
v3.7.11-rc.2
v3.7.12
v3.7.12-rc.1
v3.7.12-rc.2
v3.7.13
v3.7.13-beta.1
v3.7.13-rc.1
v3.7.13-rc.2
v3.7.14
v3.7.14-rc.1
v3.7.14-rc.2
v3.7.15
v3.7.15-beta.1
v3.7.16
v3.7.16-beta.1
v3.7.16-rc.3
v3.7.16-rc.4
v3.7.17
v3.7.17-beta.1
v3.7.17-rc.1
v3.7.17-rc.2
v3.7.17-rc.3
v3.7.18
v3.7.18-beta.1
v3.7.18-rc.1
v3.7.19
v3.7.2
v3.7.20
v3.7.20-beta.1
v3.7.20-rc.1
v3.7.20-rc.2
v3.7.21
v3.7.22
v3.7.22-rc.1
v3.7.22-rc.2
v3.7.23
v3.7.23-rc.1
v3.7.24
v3.7.24-beta.1
v3.7.24-rc.1
v3.7.24-rc.2
v3.7.25
v3.7.25-rc.1
v3.7.26
v3.7.27-rc.1
v3.7.3
v3.7.3-rc.1
v3.7.3-rc.2
v3.7.4
v3.7.4-rc.1
v3.7.4-rc.2
v3.7.4-rc.3
v3.7.4-rc.4
v3.7.5
v3.7.5-beta.1
v3.7.5-beta.2
v3.7.5-beta.3
v3.7.5-rc.1
v3.7.6
v3.7.6-rc.1
v3.7.6-rc.2
v3.7.7
v3.7.7-beta.1
v3.7.7-beta.2
v3.7.7-rc.1
v3.7.7-rc.2
v3.7.8
v3.7.8-rc.1
v3.7.8-rc.2
v3.7.8-rc.3
v3.7.8-rc.4
v3.7.9
v3.7.9-rc.1
v3.7.9-rc.2
v3.7.9-rc.3
v3.8.0
v3.8.1
v3.8.1-beta.1
v3.8.1-beta.2
v3.8.1-rc.1
v3.8.2
v3.8.2-rc.1
v3.8.3
v3.8.3-beta.1
v3.8.3-beta.2
v3.8.3-beta.3
v3.8.3-rc.1
v3.8.3-rc.2
v3.8.4
v3.8.4-beta.1
v3.8.4-rc.1
v3.8.4-rc.2
v3.8.4-rc.3
v3.8.5
v3.8.5-rc.1
v3.8.5-rc.2
v3.8.6
v3.8.6-beta.1
v3.8.6-rc.1
v3.8.6-rc.2