78 matches found

vulnersOsv
added 2021/12/01 12:0 a.m. | 1 view

cn.kduck:kduck-core (=1.1.0), cn.kduck:kduck-security (=1.1.0) +131 more potentially affected by CVE-2021-22095 +1 more via org.springframework.amqp:spring-amqp (>=2.3.0 <=2.3.10)

org.springframework.amqp:spring-amqp MAVEN version =2.3.0, =1.3.20, =1.0.0, =1.7, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.1 - com.lwohvye:eladmin-system =2.6.14 and more Source cves: CVE-2021-22095, CVE-2021-22097 Source advisory: OSV:GHSA-945Q-CH46-PCHG...

6.8 CVSS | 6.5 AI score | 0.00571 EPSS
Exploits: 0
OSV
added 2021/12/01 12:0 a.m. | 0 views

GHSA-945Q-CH46-PCHG Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5 CVSS | 5.9 AI score | 0.00571 EPSS
Exploits: 0 | References: 3
NVD
added 2021/11/30 7:15 p.m. | 21 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5 CVSS | 0.00571 EPSS
Exploits: 0 | References: 1
OSV
added 2021/11/30 7:15 p.m. | 16 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5 CVSS | 6.4 AI score | 0.00434 EPSS
Exploits: 0 | References: 1
Prion
added 2021/11/30 7:15 p.m. | 15 views

Code injection

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

4 CVSS | 6.4 AI score | 0.00571 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2021/11/30 7:15 p.m. | 19 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5 CVSS | 6.6 AI score | 0.00571 EPSS
Exploits: 0 | References: 2
OSV
added 2021/11/30 7:15 p.m. | 0 views

UBUNTU-CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5 CVSS | 6.6 AI score | 0.00571 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/11/30 12:0 a.m. | 5 views

Spring AMQP code issue vulnerability

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...

6.5 CVSS | 6.4 AI score | 0.00571 EPSS
Exploits: 0 | References: 2
Veracode
added 2021/10/29 4:55 a.m. | 20 views

Denial Of Service (DoS)

spring-amqp is vulnerable to denial of service. An attacker can cause an application crash through the message.toString function, as it deserializes the body of a message with content-type application/x-java-serialized-object, by constructing a malicious java.util.Dictionary object...

6.5 CVSS | 3.1 AI score | 0.00434 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2021/10/28 4:15 p.m. | 37 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

6.5 CVSS | 6.6 AI score | 0.00434 EPSS
Exploits: 0 | References: 1
NVD
added 2021/10/28 4:15 p.m. | 19 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

6.8 CVSS | 0.00434 EPSS
Exploits: 0 | References: 1
Cvelist
added 2021/10/28 3:24 p.m. | 18 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

6.6 AI score | 0.00434 EPSS
Exploits: 0 | References: 1
CVE
added 2021/10/28 3:24 p.m. | 86 views

CVE-2021-22097

CVE-2021-22097 affects Spring AMQP: versions 2.2.0–2.2.18 and 2.3.0–2.3.10, where Message.toString() deserializes a body with content-type application/x-java-serialized-object. A constructed malicious java.util.Dictionary object can cause 100% CPU in the application when toString() is invoked. Co...

6.8 CVSS | 6.4 AI score | 0.00434 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/10/28 12:0 a.m. | 3 views

Spring AMQP code issue vulnerability

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. Spring AMQP suffers from a security vulnerability that stems from a Spring AMQP Message object that will deserialize a message body with content type application x-java-serialized-object i...

6.8 CVSS | 6.4 AI score | 0.00434 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2020/02/26 12:0 a.m. | 11 views

Spring AMQP Installed

Binary data pivotalsoftwarespringamqpinstalled.nbin...

7.3 AI score
Exploits: 0 | References: 1
vulnersOsv
added 2018/10/18 6:6 p.m. | 2 views

br.jus.stf.digital:core (>=0.1.0 <=1.6.0), br.jus.stf.digital:test (>=1.0.0 <=1.0.2) +278 more potentially affected by CVE-2018-11087 via org.springframework.amqp:spring-amqp (>=1.0.0.RELEASE <=1.7.0.RELEASE)

org.springframework.amqp:spring-amqp MAVEN version =1.0.0.RELEASE, =0.1.0, =1.0.0, =1.0.6.OSS, =1.0.6.OSS, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.1.0-RELEASE, =1.0, =1.0, =0.9.0, =0.20.0, =1.31.1, =1.35.0 and more Source cves: CVE-2018-11087 Source advisory:...

5.9 CVSS | 6.2 AI score | 0.00552 EPSS
Exploits: 0
OSV
added 2018/10/18 6:6 p.m. | 17 views

GHSA-W4G2-9HJ6-5472 Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9 CVSS | 5.3 AI score | 0.00552 EPSS
Exploits: 0 | References: 3
vulnersOsv
added 2018/10/18 6:6 p.m. | 2 views

cc.voox:publisher (>=0.1.0.Beta <=2.2.0), cloud.altemista.fwk.integration:cloud-altemistafwk-core-integration-amqp-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE) +130 more potentially affected by CVE-2018-11087 via org.springframework.amqp:spring-amqp (>=2.0.0.RELEASE <=2.0.5.RELEASE)

org.springframework.amqp:spring-amqp MAVEN version =2.0.0.RELEASE, =0.1.0.Beta, =3.0.0.RELEASE, =3.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =0.1.0-RC1, =1.0.0, =1.0.0, =1.0.0.20191020.beta, =1.0.0.20210917f.beta and more Source cves: CVE-2018-11087 Source advisory: OSV:GHSA-W4G2-9HJ6-5472...

5.9 CVSS | 6.2 AI score | 0.00552 EPSS
Exploits: 0
GitHub Security Blog
added 2018/10/18 6:6 p.m. | 37 views

Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9 CVSS | 3.1 AI score | 0.00552 EPSS
Exploits: 0 | References: 3 | Affected Software: 2
vulnersOsv
added 2018/10/16 11:13 p.m. | 1 view

com.bluelock:camel-spring-amqp (>=1.5 <=1.6.3), com.catify.bpmn:bpmn-engine-dist-jpa-camel (=1.1) +448 more potentially affected by CVE-2014-0002 via org.apache.camel:camel-core (>=1.0.0 <=2.11.3)

org.apache.camel:camel-core MAVEN version =1.0.0, =1.5, =0.3.4, =0.4.0 - com.github.microon:microon-services-calendar =0.0 - com.github.rmannibucau:camel-loader =0.0.1 - com.github.rmannibucau:diagram-generator-maven-plugin =0.0.1 and more Source cves: CVE-2014-0002 Source advisory:...

7.5 CVSS | 7.2 AI score | 0.28739 EPSS
Exploits: 2