CVE-2020-36282 – com.rabbitmq.jms:rabbitmq-jms
Package
Manager: maven
Name: com.rabbitmq.jms:rabbitmq-jms
Vulnerable Version: >=2.0 <2.2.0 || >=1.0 <1.15.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01699 pctl0.81558
Details
Unsafe Deserialization that can Result in Code Execution
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. The fixed releases are 1.15.2 on the 1.x line and 2.2.0 on the 2.x line. The deserialization happens in the client library on the receiving side, so anyone who can deliver a crafted StreamMessage to a consumer built on an affected version is in a position to trigger it, which is consistent with the network / no-privileges vector above.
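As an added example (not part of the advisory or of the rabbitmq-jms project), the following script evaluates the advisory's own vulnerable-range syntax (`>=2.0 <2.2.0 || >=1.0 <1.15.2`) against Maven version strings and scans `mvn dependency:list` output for affected coordinates. It compares version components numerically (so 1.15.10 is correctly treated as newer than 1.15.2) and treats any qualifier such as `-RC1` as predating the bare release, since a pre-release of the fixed version still lacks the fix. The dependency-list lines it scans are constructed for the example; the `mvn dependency:list` line layout (`groupId:artifactId:type[:classifier]:version:scope`) is assumed from Maven's usual output.

```python
"""Check Maven dependencies against the GHSA-v525-c3g5-cg9p vulnerable range.

Added example, not code from the advisory or the rabbitmq-jms project.
"""
import re
from typing import List, Tuple

# Taken from the advisory's Package section.
ADVISORY_PACKAGE = "com.rabbitmq.jms:rabbitmq-jms"
ADVISORY_RANGE = ">=2.0 <2.2.0 || >=1.0 <1.15.2"

# Order matters: ">=" and "<=" must be tried before ">" and "<".
_CONSTRAINT = re.compile(r"^(>=|<=|>|<|=)(\S+)$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Return a sortable key for a Maven-style version string.

    Numeric components are compared as integers (1.15.10 > 1.15.2) and
    padded with zeros (2.0 == 2.0.0). The first non-numeric component
    (e.g. "RC1" in 2.2.0-RC1 or 2.2.0.RC1) marks a pre-release, which sorts
    below the bare release: this errs toward flagging, which is the safe side.
    """
    numeric: List[int] = []
    prerelease = False
    for piece in re.split(r"[.\-]", version):
        if piece.isdigit():
            numeric.append(int(piece))
        else:
            prerelease = True
            break
    while len(numeric) < 4:
        numeric.append(0)
    return tuple(numeric), (0 if prerelease else 1)


def satisfies(version: str, clause: str) -> bool:
    """True if `version` meets every space-separated constraint in one AND-clause."""
    key = parse_version(version)
    for token in clause.split():
        m = _CONSTRAINT.match(token)
        if not m:
            raise ValueError(f"unsupported constraint: {token!r}")
        op, bound = m.groups()
        b = parse_version(bound)
        ok = {">=": key >= b, "<=": key <= b, ">": key > b, "<": key < b, "=": key == b}[op]
        if not ok:
            return False
    return True


def is_vulnerable(version: str, range_expr: str = ADVISORY_RANGE) -> bool:
    """The advisory range is an OR of AND-clauses: vulnerable if any clause matches."""
    return any(satisfies(version, clause.strip()) for clause in range_expr.split("||"))


def vulnerable_dependencies(dependency_list: str,
                            package: str = ADVISORY_PACKAGE,
                            range_expr: str = ADVISORY_RANGE) -> List[Tuple[str, str]]:
    """Scan `mvn dependency:list` output; return [(coordinates, version)] hits.

    Resolved lines look like groupId:artifactId:type[:classifier]:version:scope,
    optionally followed by " -- module ..." on newer Maven releases, so the
    version is always the second-to-last colon-separated field.
    """
    hits = []
    for raw in dependency_list.splitlines():
        line = raw.replace("[INFO]", "", 1).strip().split(" -- ")[0]
        fields = line.split(":")
        if len(fields) < 5:
            continue  # log chatter, not a dependency line
        coords = f"{fields[0]}:{fields[1]}"
        version = fields[-2]
        if coords == package and is_vulnerable(version, range_expr):
            hits.append((coords, version))
    return hits


# Constructed sample output in the shape of `mvn dependency:list`; the 1.15.1
# entry is inside the range, the 2.2.0 entry is the fixed release.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    com.rabbitmq.jms:rabbitmq-jms:jar:1.15.1:compile
[INFO]    com.rabbitmq:amqp-client:jar:5.10.0:compile
[INFO]    javax.jms:javax.jms-api:jar:2.0.1:provided
[INFO]    com.rabbitmq.jms:rabbitmq-jms:jar:2.2.0:test -- module rabbitmq.jms (auto)
"""

if __name__ == "__main__":
    for coords, version in vulnerable_dependencies(SAMPLE_DEPENDENCY_LIST):
        print(f"VULNERABLE {coords} {version} (range {ADVISORY_RANGE})")
```

Pipe real output into `vulnerable_dependencies` (for example `mvn dependency:list -DoutputFile=deps.txt` and read that file) to check a build; the same range parser works unchanged for other advisories that use the `>=a <b || >=c <d` notation.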
Metadata
Created: 2021-12-10T17:15:49Z
Modified: 2021-03-15T23:45:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-v525-c3g5-cg9p/GHSA-v525-c3g5-cg9p.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-v525-c3g5-cg9p
Finding: F096
Auto approve: 1