In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
[
{
"product": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7"
}
]
}
]