Skip to main content

Spring Advanced Message Queuing Protocol

6 CVEs product

Monthly

CVE-2023-34050 MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-22095 Maven MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22097 Maven MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2018-11087 Maven MEDIUM PATCH This Month

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Advanced Message Queuing Protocol Rabbitmq Java Client
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2017-8045 Maven CRITICAL PATCH Act Now

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java RCE Spring Advanced Message Queuing Protocol
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2016-2173 Maven CRITICAL PATCH Act Now

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.3%.

RCE Java Fedora Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
9.8
EPSS
21.3%
EPSS 2% CVSS 4.3
MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Spring Advanced Message Queuing Protocol
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure Spring Advanced Message Queuing Protocol +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java RCE +1
NVD
EPSS 21% CVSS 9.8
CRITICAL PATCH Act Now

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.3%.

RCE Java Fedora +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy