ninenines / cowboy

Small, fast, modern HTTP server for Erlang/OTP.

Home Page: https://ninenines.eu

Is cowboy affected by CVE-2023-46118?

abh1shek-sh opened this issue

Hi Colleagues,

We have identified an issue in the cowboy dependency, version 2.10.0.
See: CVE-2023-46118.

Can you please confirm whether cowboy uses rabbitmq-server? If yes, is there any remediation for the above issue?

Thanks,
Abhishek

Cowboy does not use RabbitMQ. RabbitMQ uses Cowboy. The RabbitMQ code did not enforce limits on the body size and was accumulating that body in memory. This is not an issue with Cowboy itself.
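
For readers whose own Cowboy handlers accept request bodies, the following is an added example (not part of the thread, and not Cowboy's or RabbitMQ's code) of enforcing a body size limit in the handler instead of accumulating an unbounded body in memory. The module name `capped_body_h`, the 1 MiB cap and the 64 KiB read size are assumptions chosen for illustration.

```erlang
-module(capped_body_h).
-behaviour(cowboy_handler).
-export([init/2]).

%% Assumed cap for this example: 1 MiB. Pick a limit that fits the endpoint.
-define(MAX_BODY, 1048576).
%% Assumed read size per call to cowboy_req:read_body/2.
-define(CHUNK, 65536).

init(Req0, State) ->
    case cowboy_req:body_length(Req0) of
        Len when is_integer(Len), Len > ?MAX_BODY ->
            %% The declared content-length already exceeds the cap:
            %% reject without reading any of the body.
            {ok, cowboy_req:reply(413, Req0), State};
        _ ->
            %% body_length/1 is 'undefined' when no length is declared
            %% (chunked bodies), so the cap must also hold while reading.
            case read_capped(Req0, ?MAX_BODY, []) of
                {ok, Body, Req1} ->
                    Req = cowboy_req:reply(200,
                        #{<<"content-type">> => <<"text/plain">>},
                        integer_to_binary(byte_size(Body)), Req1),
                    {ok, Req, State};
                {error, too_large, Req1} ->
                    {ok, cowboy_req:reply(413, Req1), State}
            end
    end.

%% Read the body piece by piece and stop as soon as the running total
%% would exceed the cap, so memory use is bounded by ?MAX_BODY.
read_capped(Req0, Remaining, Acc) ->
    {Status, Data, Req} = cowboy_req:read_body(Req0, #{length => ?CHUNK}),
    case byte_size(Data) of
        N when N > Remaining ->
            {error, too_large, Req};
        N when Status =:= more ->
            read_capped(Req, Remaining - N, [Data | Acc]);
        _ ->
            {ok, iolist_to_binary(lists:reverse([Data | Acc])), Req}
    end.
```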