In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100936 | Third Party Advisory VDB Entry |
https://pivotal.io/security/cve-2017-8045 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-11-27 10:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-8045
Mitre link : CVE-2017-8045
CVE.ORG link : CVE-2017-8045
JSON object : View
Products Affected
pivotal_software
- spring_advanced_message_queuing_protocol
CWE
CWE-502
Deserialization of Untrusted Data