GHSA-vqqg-xgv7-cf68
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vqqg-xgv7-cf68
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vqqg-xgv7-cf68/GHSA-vqqg-xgv7-cf68.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vqqg-xgv7-cf68
- Aliases
- Published
- 2022-05-17T00:16:13Z
- Modified
- 2023-11-08T03:59:27.500194Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Deserialization of Untrusted Data in Spring AMQP
- Details
-
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
- Database specific
{ "nvd_published_at": "2017-11-27T10:29:00Z", "github_reviewed_at": "2022-06-30T21:12:41Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-502" ] }- References
Affected packages
Maven / org.springframework.amqp:spring-amqp
Package
- Name
- org.springframework.amqp:spring-amqp
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.amqp/spring-amqp
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.7
Affected versions
1.*
1.0.0.RELEASE
1.1.0.RELEASE
1.1.1.RELEASE
1.1.2.RELEASE
1.1.3.RELEASE
1.1.4.RELEASE
1.2.0.RELEASE
1.2.1.RELEASE
1.2.2.RELEASE
1.3.0.RELEASE
1.3.1.RELEASE
1.3.2.RELEASE
1.3.3.RELEASE
1.3.4.RELEASE
1.3.5.RELEASE
1.3.6.RELEASE
1.3.7.RELEASE
1.3.8.RELEASE
1.3.9.RELEASE
1.4.0.RELEASE
1.4.1.RELEASE
1.4.2.RELEASE
1.4.3.RELEASE
1.4.4.RELEASE
1.4.5.RELEASE
1.4.6.RELEASE
1.5.0.RELEASE
1.5.1.RELEASE
1.5.2.RELEASE
1.5.3.RELEASE
1.5.4.RELEASE
1.5.5.RELEASE
1.5.6.RELEASE
Maven / org.springframework.amqp:spring-amqp
Package
- Name
- org.springframework.amqp:spring-amqp
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.amqp/spring-amqp
Maven / org.springframework.amqp:spring-amqp
Package
- Name
- org.springframework.amqp:spring-amqp
- View open source insights on deps.dev
- Purl
- pkg:maven/org.springframework.amqp/spring-amqp