CVE-2023-34050

🗓️ 19 Oct 2023 07:11:35Reported by vmwareType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 104 Views

Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 vulnerable to deserialization of untrusted data

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-34050	20 Oct 202305:48	–	circl
CNNVD	Spring AMQP Code Issue Vulnerability	19 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-34050 Spring AMQP Deserialization Vulnerability	19 Oct 202307:11	–	cvelist
ICS	Siemens SINEC NMS	13 Aug 202400:00	–	ics
NCSC	Vulnerabilities fixed in Siemens products	13 Aug 202409:21	–	ncsc
NVD	CVE-2023-34050	19 Oct 202308:15	–	nvd
OSV	CVE-2023-34050	19 Oct 202308:15	–	osv
Prion	Deserialization of untrusted data	19 Oct 202308:15	–	prion
Positive Technologies	PT-2023-6408 · Spring · Spring Amqp	18 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-34050	26 Oct 202318:27	–	redhatcve

NVD

Node

vmware spring_advanced_message_queuing_protocolRange1.0.0–2.4.16

vmware spring_advanced_message_queuing_protocolRange3.0.0–3.0.9

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS",
      "Linux",
      "iOS",
      "Android",
      "x86",
      "ARM",
      "64 bit",
      "Windows",
      "32 bit"
    ],
    "product": "Spring AMQP",
    "vendor": "Spring",
    "versions": [
      {
        "lessThan": "2.4.17",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "2.4.17"
      },
      {
        "lessThan": "3.0.10",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "3.0.10"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2023-34050

21 Nov 2024 08:06Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.14.3 - 5

EPSS0.43039

SSVC

CWE-502