GHSA-hrp3-8p5w-27gv

Suggest an improvement
Source
https://github.com/advisories/GHSA-hrp3-8p5w-27gv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hrp3-8p5w-27gv/GHSA-hrp3-8p5w-27gv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hrp3-8p5w-27gv
Aliases
Published
2022-05-13T01:26:13Z
Modified
2023-11-08T03:58:23.976581Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Improper Input Validation in Spring AMQP
Details

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

Database specific 
{
    "nvd_published_at": "2017-04-21T20:59:00Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:01:55Z"
}
References

Affected packages

Maven / org.springframework.amqp:spring-amqp

Package

Name
org.springframework.amqp:spring-amqp
View open source insights on deps.dev
Purl
pkg:maven/org.springframework.amqp/spring-amqp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.5

Affected versions

1.*

1.0.0.RELEASE
1.1.0.RELEASE
1.1.1.RELEASE
1.1.2.RELEASE
1.1.3.RELEASE
1.1.4.RELEASE
1.2.0.RELEASE
1.2.1.RELEASE
1.2.2.RELEASE
1.3.0.RELEASE
1.3.1.RELEASE
1.3.2.RELEASE
1.3.3.RELEASE
1.3.4.RELEASE
1.3.5.RELEASE
1.3.6.RELEASE
1.3.7.RELEASE
1.3.8.RELEASE
1.3.9.RELEASE
1.4.0.RELEASE
1.4.1.RELEASE
1.4.2.RELEASE
1.4.3.RELEASE
1.4.4.RELEASE
1.4.5.RELEASE
1.4.6.RELEASE
1.5.0.RELEASE
1.5.1.RELEASE
1.5.2.RELEASE
1.5.3.RELEASE
1.5.4.RELEASE

Database specific

last_known_affected_version_range

"<= 1.5.4"