4 matches found
CVE-2023-34050
CVE-2023-34050 affects Spring AMQP: deserialization vulnerability in SimpleMessageConverter/SerializerMessageConverter when no allowed-list patterns are configured. Versions affected: 1.0.0–2.4.16 and 3.0.0–3.0.9. If untrusted messages originate from a compromised source and write permissions to ...
CVE-2016-2173
CVE-2016-2173 (Spring AMQP) affects the Spring AMQP component, where org.springframework.core.serializer.DefaultDeserializer can be abused to achieve remote code execution. The vulnerability is present in Spring AMQP versions prior to 1.5.5. Exploitation involves deserialization of untrusted data...
CVE-2021-22097
CVE-2021-22097 affects Spring AMQP: versions 2.2.0–2.2.18 and 2.3.0–2.3.10, where Message.toString() deserializes a body with content-type application/x-java-serialized-object. A constructed malicious java.util.Dictionary object can cause 100% CPU in the application when toString() is invoked. Co...
CVE-2021-22095
CVE-2021-22095 affects Spring AMQP: versions 2.2.0–2.2.19 and 2.3.0–2.3.11. The toString() method of the Spring AMQP Message object creates a new String from the message body regardless of size, which can trigger an OutOfMemoryError on large messages. Public documents confirm the affected ranges ...