A resource-consumption flaw was identified in the rabbitmq-server web management plugin. Utilizing a malicious ‘X-Reason’ HTTP header, a remote attacker could insert a malicious Erlang format string which will expand and consume heap memory, resulting in a crash. The highest threat from this vulnerability is system availability.
This flaw can be mitigated by disabling the Web Management plugin: rabbitmq-plugins disable rabbitmq_management.