Lucene search
K
VmwareSpring Advanced Message Queuing Protocol

4 matches found

CVE
CVE
added 2023/10/19 7:11 a.m.112 views

CVE-2023-34050

CVE-2023-34050 affects Spring AMQP: deserialization vulnerability in SimpleMessageConverter/SerializerMessageConverter when no allowed-list patterns are configured. Versions affected: 1.0.0–2.4.16 and 3.0.0–3.0.9. If untrusted messages originate from a compromised source and write permissions to ...

5CVSS5.2AI score0.01537EPSS
CVE
CVE
added 2017/04/21 8:0 p.m.93 views

CVE-2016-2173

CVE-2016-2173 (Spring AMQP) affects the Spring AMQP component, where org.springframework.core.serializer.DefaultDeserializer can be abused to achieve remote code execution. The vulnerability is present in Spring AMQP versions prior to 1.5.5. Exploitation involves deserialization of untrusted data...

9.8CVSS9.5AI score0.06257EPSS
CVE
CVE
added 2021/10/28 3:24 p.m.93 views

CVE-2021-22097

CVE-2021-22097 affects Spring AMQP: versions 2.2.0–2.2.18 and 2.3.0–2.3.10, where Message.toString() deserializes a body with content-type application/x-java-serialized-object. A constructed malicious java.util.Dictionary object can cause 100% CPU in the application when toString() is invoked. Co...

6.8CVSS6.4AI score0.01037EPSS
CVE
CVE
added 2021/11/30 6:41 p.m.72 views

CVE-2021-22095

CVE-2021-22095 affects Spring AMQP: versions 2.2.0–2.2.19 and 2.3.0–2.3.11. The toString() method of the Spring AMQP Message object creates a new String from the message body regardless of size, which can trigger an OutOfMemoryError on large messages. Public documents confirm the affected ranges ...

6.5CVSS6.3AI score0.01019EPSS