Is cowboy affected by CVE-2023-46118?
abh1shek-sh opened this issue
Hi Colleagues,
We have identified an issue in cowboy dependency version: 2.10.0.
See: CVE-2023-46118.
Can you please confirm whether cowboy uses rabbitmq-server? If yes, then is there any remediation for the above issue?
Thanks,
Abhishek
Cowboy does not use RabbitMQ. RabbitMQ uses Cowboy. The RabbitMQ code did not enforce limits on the body size and was accumulating that body in memory. This is not an issue with Cowboy itself.
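
Added example, not part of the thread and not code from Cowboy or RabbitMQ: a Cowboy 2.x handler that enforces the kind of body size limit the reply says was missing, instead of accumulating an unbounded body in memory. The module name `bounded_body_h`, the 1 MiB cap and the 64 KiB chunk size are assumptions made for this sketch.

```erlang
-module(bounded_body_h).
-behaviour(cowboy_handler).
-export([init/2]).

%% Hypothetical limits chosen for this example.
-define(MAX_BODY, 1048576).  %% total bytes accepted per request body
-define(CHUNK, 65536).       %% bytes requested per read_body call

init(Req0, State) ->
    %% Reject early when the client declares an oversized Content-Length.
    case cowboy_req:body_length(Req0) of
        Len when is_integer(Len), Len > ?MAX_BODY ->
            {ok, cowboy_req:reply(413, Req0), State};
        _ ->
            %% body_length/1 is 'undefined' for chunked bodies, so the cap
            %% must also be enforced while the body is being read.
            case read_bounded(Req0, <<>>) of
                {ok, Body, Req1} ->
                    Req = cowboy_req:reply(200,
                        #{<<"content-type">> => <<"text/plain">>},
                        integer_to_binary(byte_size(Body)), Req1),
                    {ok, Req, State};
                {error, too_large, Req1} ->
                    {ok, cowboy_req:reply(413, Req1), State}
            end
    end.

%% Read the body chunk by chunk and stop as soon as the accumulated size
%% would exceed the cap, so memory use stays bounded by MAX_BODY plus one chunk.
read_bounded(Req0, Acc) ->
    case cowboy_req:read_body(Req0, #{length => ?CHUNK, period => 5000}) of
        {_, Data, Req} when byte_size(Acc) + byte_size(Data) > ?MAX_BODY ->
            {error, too_large, Req};
        {ok, Data, Req} ->
            {ok, <<Acc/binary, Data/binary>>, Req};
        {more, Data, Req} ->
            read_bounded(Req, <<Acc/binary, Data/binary>>)
    end.
```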