CVE-2023-34050
- EPSS 41.07%
- Veröffentlicht 19.10.2023 08:15:08
- Zuletzt bearbeitet 21.11.2024 08:06:28
In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by ...
CVE-2021-22095
- EPSS 0.59%
- Veröffentlicht 30.11.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:49:31
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message
CVE-2021-22097
- EPSS 0.43%
- Veröffentlicht 28.10.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 05:49:31
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious...
CVE-2016-2173
- EPSS 21.29%
- Veröffentlicht 21.04.2017 20:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.