Lucene search
GoogleOSV:CVE-2021-22097HistoryOct 28, 2021 - 4:15 p.m.
CVE-2021-22097
2021-10-2816:15:08
Google
osv.dev
2
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring-amqp | eq | 3.0.6 | |
| spring-amqp | eq | 3.0.9 | |
| spring-amqp | eq | 2.4.3 | |
| spring-amqp | eq | 2.4.7 | |
| spring-amqp | eq | 2.4.2 | |
| spring-amqp | eq | 3.0.10 | |
| spring-amqp | eq | 2.4.1 | |
| spring-amqp | eq | 2.4.17 | |
| spring-amqp | eq | 2.3.4 | |
| spring-amqp | eq | 2.4.12 |
References
Related
osv
osv
Deserialization of Untrusted Data in Spring AMQP
2022-05-24 19:19:03
CVE-2021-22095
2021-11-30 19:15:00
Deserialization of Untrusted Data in Spring AMQP
2021-12-01 00:00:40
prion
prion
Code injection
2021-10-28 16:15:00
cvelist
cvelist
CVE-2021-22097
2021-10-28 15:24:19
nvd
nvd
CVE-2021-22097
2021-10-28 16:15:08
veracode
veracode
Denial Of Service (DoS)
2021-10-29 04:55:12
github
github
Deserialization of Untrusted Data in Spring AMQP
2022-05-24 19:19:03
cve
cve
CVE-2021-22097
2021-10-28 16:15:08
ibm
ibm