In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100936 | Third Party Advisory VDB Entry |
https://pivotal.io/security/cve-2017-8045 | Vendor Advisory |
http://www.securityfocus.com/bid/100936 | Third Party Advisory VDB Entry |
https://pivotal.io/security/cve-2017-8045 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100936 - Third Party Advisory, VDB Entry | |
References | () https://pivotal.io/security/cve-2017-8045 - Vendor Advisory |
Information
Published : 2017-11-27 10:29
Updated : 2024-11-21 03:33
NVD link : CVE-2017-8045
Mitre link : CVE-2017-8045
CVE.ORG link : CVE-2017-8045
JSON object : View
Products Affected
pivotal_software
- spring_advanced_message_queuing_protocol
CWE
CWE-502
Deserialization of Untrusted Data