CVE-2017-8045 – org.springframework.amqp:spring-amqp
Package
Manager: maven
Name: org.springframework.amqp:spring-amqp
Vulnerable Version: >=0 <1.5.7 || >=1.6.0 <1.6.11 || >=1.7.0 <1.7.4
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02827 (percentile: 0.85635)
Details
Deserialization of Untrusted Data in Spring AMQP
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
Metadata
Created: 2022-05-17T00:16:13Z
Modified: 2022-06-30T21:12:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vqqg-xgv7-cf68/GHSA-vqqg-xgv7-cf68.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-vqqg-xgv7-cf68
Finding: F096
Auto approve: 1