The-Mikedavis

**Name of the Vulnerable Software and Affected Versions** RabbitMQ versions 3.7.0 through 4.0.12 RabbitMQ versions 4.1.0 through 4.1.1 **Description** RabbitMQ is a messaging and streaming broker that contains a security issue. **Recommendations** Update to version 4.0.13 Update to version 4.1.2

**Name of the Vulnerable Software and Affected Versions** amazon-mq rabbitmq-aws versions prior to 0.2.1 **Description** Active debug code in the ARN resolver allows remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. This occurs because the 'PUT /api/aws/arn/validate' endpoint accepts a debug ARN scheme (`arn:aws-debug:file`). **Recommendations** Upgrade to version 0.2.1. Rotate any associated private certificate keys if RabbitMQ is configured to use TLS for connections.