3.7.14

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-31	CVE-2020-5419	Uncontrolled Search Path Element vulnerability in multiple products RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. local low complexity pivotal-software vmware CWE-427	6.7
2019-11-23	CVE-2019-11287	Use of Externally-Controlled Format String vulnerability in multiple products Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. network low complexity pivotal-software vmware fedoraproject redhat debian CWE-134	7.5
2019-10-16	CVE-2019-11281	Cross-site Scripting vulnerability in multiple products Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. network low complexity pivotal-software debian fedoraproject redhat CWE-79	4.8