{"id":"CVE-2020-5419","details":"RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.","aliases":["BIT-rabbitmq-2020-5419"],"modified":"2026-04-10T04:27:39.813122Z","published":"2020-08-31T15:15:11.010Z","references":[{"type":"ADVISORY","url":"https://tanzu.vmware.com/security/cve-2020-5419"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rabbitmq/rabbitmq-server","events":[{"introduced":"967ffac80a454b24be03b00e623469cf2380ee89"},{"fixed":"9a5592654e993e7e9c238ec53a83a12107068c10"},{"introduced":"0"},{"fixed":"b9c8e2de93be5323822cf501c6ae3d5d92381820"}],"database_specific":{"versions":[{"introduced":"3.8.0"},{"fixed":"3.8.7"},{"introduced":"0"},{"fixed":"3.7.28"}]}}],"versions":["rabbitmq_v1_4_0","rabbitmq_v1_5_0","rabbitmq_v1_6_0","rabbitmq_v1_7_0","rabbitmq_v1_7_2","rabbitmq_v1_8_1","rabbitmq_v2_4_0","rabbitmq_v2_7_1","rabbitmq_v2_8_0","rabbitmq_v3_0_0","rabbitmq_v3_0_1","rabbitmq_v3_0_2","rabbitmq_v3_0_3","rabbitmq_v3_0_4","rabbitmq_v3_1_1","rabbitmq_v3_1_2","rabbitmq_v3_1_3","rabbitmq_v3_1_4","rabbitmq_v3_1_5","rabbitmq_v3_2_1","rabbitmq_v3_2_2","rabbitmq_v3_2_3","rabbitmq_v3_2_4","rabbitmq_v3_3_0","rabbitmq_v3_3_1","rabbitmq_v3_3_2","rabbitmq_v3_3_3","rabbitmq_v3_3_4","rabbitmq_v3_3_5","rabbitmq_v3_4_0","rabbitmq_v3_4_1","rabbitmq_v3_4_2","rabbitmq_v3_4_3","rabbitmq_v3_5_0","rabbitmq_v3_6_0","rabbitmq_v3_6_0_milestone1","rabbitmq_v3_6_0_milestone2","rabbitmq_v3_6_0_milestone3","rabbitmq_v3_6_0_rc1","rabbitmq_v3_6_0_rc2","rabbitmq_v3_6_0_rc3","rabbitmq_v3_7_0_milestone1","rabbitmq_v3_7_0_milestone10","rabbitmq_v3_7_0_milestone11","rabbitmq_v3_7_0_milestone12","rabbitmq_v3_7_0_milestone13","rabbitmq_v3_7_0_milestone14","rabbitmq_v3_7_0_milestone15","rabbitmq_v3_7_0_milestone16","rabbitmq_v3_7_0_milestone17","rabbitmq_v3_7_0_milestone18","rabbitmq_v3_7_0_milestone2","rabbitmq_v3_7_0_milestone3","rabbitmq_v3_7_0_milestone4","rabbitmq_v3_7_0_milestone5","rabbitmq_v3_7_0_milestone7","rabbitmq_v3_7_0_milestone8","rabbitmq_v3_7_0_milestone9","v3.7.0","v3.7.0-beta.19","v3.7.0-beta.20","v3.7.0-rc.1","v3.7.0-rc.2","v3.7.1","v3.7.1-beta.1","v3.7.10","v3.7.10-rc.1","v3.7.10-rc.2","v3.7.10-rc.3","v3.7.10-rc.4","v3.7.11","v3.7.11-rc.1","v3.7.11-rc.2","v3.7.12","v3.7.12-rc.1","v3.7.12-rc.2","v3.7.13","v3.7.13-beta.1","v3.7.13-rc.1","v3.7.13-rc.2","v3.7.14","v3.7.14-rc.1","v3.7.14-rc.2","v3.7.15","v3.7.15-beta.1","v3.7.16","v3.7.16-beta.1","v3.7.16-rc.3","v3.7.16-rc.4","v3.7.17","v3.7.17-beta.1","v3.7.17-rc.1","v3.7.17-rc.2","v3.7.17-rc.3","v3.7.18","v3.7.18-beta.1","v3.7.18-rc.1","v3.7.19","v3.7.2","v3.7.20","v3.7.20-beta.1","v3.7.20-rc.1","v3.7.20-rc.2","v3.7.21","v3.7.22","v3.7.22-rc.1","v3.7.22-rc.2","v3.7.23","v3.7.23-rc.1","v3.7.24","v3.7.24-beta.1","v3.7.24-rc.1","v3.7.24-rc.2","v3.7.25","v3.7.25-rc.1","v3.7.26","v3.7.27-rc.1","v3.7.3","v3.7.3-rc.1","v3.7.3-rc.2","v3.7.4","v3.7.4-rc.1","v3.7.4-rc.2","v3.7.4-rc.3","v3.7.4-rc.4","v3.7.5","v3.7.5-beta.1","v3.7.5-beta.2","v3.7.5-beta.3","v3.7.5-rc.1","v3.7.6","v3.7.6-rc.1","v3.7.6-rc.2","v3.7.7","v3.7.7-beta.1","v3.7.7-beta.2","v3.7.7-rc.1","v3.7.7-rc.2","v3.7.8","v3.7.8-rc.1","v3.7.8-rc.2","v3.7.8-rc.3","v3.7.8-rc.4","v3.7.9","v3.7.9-rc.1","v3.7.9-rc.2","v3.7.9-rc.3","v3.8.0","v3.8.1","v3.8.1-beta.1","v3.8.1-beta.2","v3.8.1-rc.1","v3.8.2","v3.8.2-rc.1","v3.8.3","v3.8.3-beta.1","v3.8.3-beta.2","v3.8.3-beta.3","v3.8.3-rc.1","v3.8.3-rc.2","v3.8.4","v3.8.4-beta.1","v3.8.4-rc.1","v3.8.4-rc.2","v3.8.4-rc.3","v3.8.5","v3.8.5-rc.1","v3.8.5-rc.2","v3.8.6","v3.8.6-beta.1","v3.8.6-rc.1","v3.8.6-rc.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5419.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}