5 matches found
br.com.itsme:commons (>=0.0.4-ALPHA <=0.0.5-ALPHA), cn.amossun:starter-event (>=1.2.0-RELEASE <=1.2.1-RELEASE) +216 more potentially affected by CVE-2021-22097 via org.springframework.amqp:spring-amqp (>=2.2.0.RELEASE <=2.2.18.RELEASE)
org.springframework.amqp:spring-amqp MAVEN version =2.2.0.RELEASE, =0.0.4-ALPHA, =1.2.0-RELEASE, =0.2.0, =0.2.0, =0.2.0, =0.0.9, =1.1, =0.1.0, =0.1.0, =0.2.0 - com.farao-community.farao:gridcapa-dichotomy-runner-app =0.1.0 - com.farao-community.farao:gridcapa-dichotomy-runner-spring-boot-starter...
br.com.itsme:commons (>=0.0.4-ALPHA <=0.0.5-ALPHA), cn.amossun:starter-event (>=1.2.0-RELEASE <=1.2.1-RELEASE) +234 more potentially affected by CVE-2021-22095 +1 more via org.springframework.amqp:spring-amqp (>=2.2.0.RELEASE <=2.2.1.RELEASE)
org.springframework.amqp:spring-amqp MAVEN version =2.2.0.RELEASE, =0.0.4-ALPHA, =1.2.0-RELEASE, =1.0, =0.2.0, =0.2.0, =0.2.0, =2.0.0-RC1, =1.0.0-RC1, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =0.0.1-RELEASE, =0.0.1.RELEASE, =3.0.1.RELEASE and more Source cves: CVE-2021-22095, CVE-2021-2209...
cn.kduck:kduck-core (=1.1.0), cn.kduck:kduck-security (=1.1.0) +131 more potentially affected by CVE-2021-22095 +1 more via org.springframework.amqp:spring-amqp (>=2.3.0 <=2.3.10)
org.springframework.amqp:spring-amqp MAVEN version =2.3.0, =1.3.20, =1.0.0, =1.7, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.1 - com.lwohvye:eladmin-system =2.6.14 and more Source cves: CVE-2021-22095, CVE-2021-22097 Source advisory: OSV:GHSA-945Q-CH46-PCHG...
CVE-2021-22097
creationtimestamp| type| source ---|---|--- 2021-10-28 20:17:21+00:00| seen| https://t.me/cibsecurity/31398...
CVE-2021-22097
CVE-2021-22097 affects Spring AMQP: versions 2.2.0–2.2.18 and 2.3.0–2.3.10, where Message.toString() deserializes a body with content-type application/x-java-serialized-object. A constructed malicious java.util.Dictionary object can cause 100% CPU in the application when toString() is invoked. Co...