CVE-2017-8045
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-8045
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8045.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-8045
- Aliases
- Published
- 2017-11-27T10:29:00Z
- Modified
- 2025-04-20T04:04:03.802549Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
- References
Affected packages
Git / github.com/spring-projects/spring-amqp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/spring-projects/spring-amqp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
1.*
1.0.0.M1
1.0.0.M2
1.1.0.RELEASE
1.1.1.RELEASE
v1.*
v1.2.0.RC1
v1.2.0.RELEASE
v1.2.0a.M1
v1.3.0.M1
v1.3.0.M2
v1.3.0.RC1
v1.3.0.RELEASE
v1.3.1.RELEASE
v1.3.2.RELEASE
v1.3.3.RELEASE
v1.3.4.RELEASE
v1.4.0.M1
v1.4.0.RC1
v1.4.0.RELEASE
v1.4.1.RELEASE
v1.4.2.M1
v1.4.2.M2
v1.4.2.RELEASE
v1.5.0.M1
v1.5.0.RC1