CVE-2023-32081 – Vert.x STOMP server process client frames that would not send initially a connect frame

https://notcve.org/view.php?id=CVE-2023-32081

12 May 2023 — Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched... • https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b • CWE-287: Improper Authentication •