Lucene search
VmwareCVELIST:CVE-2021-22097HistoryOct 28, 2021 - 3:24 p.m.
CVE-2021-22097
2021-10-2815:24:19
CWE-502
vmware
www.cve.org
1
0.001 Low
EPSS
Percentile
35.2%
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
CNA Affected
[
{
"product": "Spring AMQP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring AMQP versions 2.2.X prior to 2.2.19 and 2.3.x prior to 2.3.11 ."
}
]
}
]References
Related
osv
osv
Deserialization of Untrusted Data in Spring AMQP
2022-05-24 19:19:03
CVE-2021-22097
2021-10-28 16:15:08
CVE-2021-22095
2021-11-30 19:15:00
prion
prion
Code injection
2021-10-28 16:15:00
veracode
veracode
Denial Of Service (DoS)
2021-10-29 04:55:12
github
github
Deserialization of Untrusted Data in Spring AMQP
2022-05-24 19:19:03
nvd
nvd
CVE-2021-22097
2021-10-28 16:15:08
cve
cve
CVE-2021-22097
2021-10-28 16:15:08
ibm
ibm