2 matches found
com.github.marcelop3251:queues-manager (=1.2.0), net.oneandone.ioc-unit:ioc-unit-jms-rabbitmq (>=2.0.28 <=2.0.40) potentially affected by CVE-2020-36282 via com.rabbitmq.jms:rabbitmq-jms (=1.14.0)
com.rabbitmq.jms:rabbitmq-jms MAVEN version =1.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.rabbitmq.jms:rabbitmq-jms and may be impacted:
- com.github.marcelop3251:queues-manager =1.2.0
- net.oneandone.ioc-unit:ioc-unit-jms-rabbitmq =2.0.2...
Arbitrary Code Execution
rabbitmq-jms is vulnerable to arbitrary code execution. Untrusted objects are not filtered; they are passed through StreamMessage in JMS and deserialized before or while being given to the message listeners. An authenticated user is able to abuse the vulnerability to execute arbitrary code on the...