CVE-2020-36282

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36282

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36282.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36282

Aliases

GHSA-v525-c3g5-cg9p

Published

2021-03-12T01:15:12Z

Modified

2024-06-06T13:16:42.468752Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.

References

Affected packages

Git / github.com/rabbitmq/rabbitmq-jms-client

Affected ranges

Type: GIT
Repo: https://github.com/rabbitmq/rabbitmq-jms-client
Events: Introduced

6f5e2a79aff3fc249653c75f82240d0ed6e4b8aa

Fixed

a017343d2193fb81fb41334f725d3b277ad9bf0b

Affected versions

v2.*

v2.0.0

v2.1.0

v2.1.0.RC1

v2.1.1