Unknown · Vert.x STOMP · CVE-2023-32081
**Name of the Vulnerable Software and Affected Versions**
Vert.x STOMP versions 3.1.0 through 3.9.16
Vert.x STOMP versions 4.0.0 through 4.4.2
**Description**
The Vert.x STOMP server processes client STOMP frames without checking that the client first sent a CONNECT frame and received a successful CONNECTED frame in reply. This allows a client to subscribe to a destination or publish a message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted.
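The missing check described above can be shown with a small per-connection state model. This is an added example, not Vert.x code and not the project's fix: `StompSession`, `parse_frame`, the `enforce_connect` switch, the `"OK"` return marker and the `USERS` table are all hypothetical names and constructed values.

```python
import hmac

# Constructed credentials for the example (not from the advisory).
USERS = {"alice": "s3cret"}

def parse_frame(raw: bytes):
    """Parse one STOMP frame: COMMAND, header lines, blank line, body, NUL."""
    head, _, body = raw.partition(b"\n\n")
    lines = head.decode("utf-8").split("\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers.setdefault(key, value)  # repeated header: first occurrence wins
    return lines[0].strip(), headers, body.split(b"\x00", 1)[0]

class StompSession:
    """Per-connection state; enforce_connect=False models the missing check."""
    def __init__(self, enforce_connect=True):
        self.enforce_connect = enforce_connect
        self.connected = False
        self.closed = False
        self.subscriptions = []
        self.published = []

    def handle(self, raw: bytes) -> str:
        if self.closed:
            return "ERROR"
        command, headers, body = parse_frame(raw)
        if command in ("CONNECT", "STOMP"):
            expected = USERS.get(headers.get("login", ""))
            supplied = headers.get("passcode", "")
            if expected is None or not hmac.compare_digest(
                    expected.encode(), supplied.encode()):
                self.closed = True
                return "ERROR"
            self.connected = True
            return "CONNECTED"
        # The gate: no other frame is processed until CONNECTED has been sent.
        if self.enforce_connect and not self.connected:
            self.closed = True
            return "ERROR"
        if command == "SUBSCRIBE":
            self.subscriptions.append(headers.get("destination"))
            return "OK"  # model marker, not a STOMP frame
        if command == "SEND":
            self.published.append((headers.get("destination"), body))
            return "OK"
        return "ERROR"
```

With `enforce_connect=False` the model accepts a SUBSCRIBE as the first frame on a connection, which is the behaviour the description reports; with the gate enabled the same frame gets an ERROR and the session is closed.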
**Recommendations**
For versions 3.1.0 through 3.9.15, update to version 3.9.16.
For versions 4.0.0 through 4.4.1, update to version 4.4.2.