CVE-2020-36282

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36282

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36282.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36282

Aliases

GHSA-v525-c3g5-cg9p

Published

2021-03-12T01:15:12.373Z

Modified

2026-04-10T04:27:24.504125Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.

References

Affected packages

Git / github.com/rabbitmq/rabbitmq-jms-client

Affected ranges

Type

GIT

Repo

https://github.com/rabbitmq/rabbitmq-jms-client

Events

Introduced

d66e26c7c7f1a350f49548872d6a1c2c6d8abedb

Fixed

df5a7fc2806ce3b2a84f1eee3921036fc700781f

Introduced

6f5e2a79aff3fc249653c75f82240d0ed6e4b8aa

Fixed

a017343d2193fb81fb41334f725d3b277ad9bf0b

Database specific

{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.15.2"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.2.0"
        }
    ]
}

Affected versions

v2.*

v2.0.0

v2.1.0

v2.1.0.RC1

v2.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36282.json"