VMware Spring Advanced Message Queuing Protocol


By the Year

In 2026 there have been 0 vulnerabilities in VMware Spring Advanced Message Queuing Protocol. Spring Advanced Message Queuing Protocol did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2026    0                  0.00
2025    0                  0.00
2024    0                  0.00
2023    1                  4.30
2022    0                  0.00
2021    2                  6.50

It may take a day or so for new Spring Advanced Message Queuing Protocol vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent VMware Spring Advanced Message Queuing Protocol Security Vulnerabilities

Spring AMQP CVE-2023-34050: Default deserialization allows all classes
CVE-2023-34050 4.3 - Medium - October 19, 2023

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if:

* the SimpleMessageConverter or SerializerMessageConverter is used
* the user does not configure allowed list patterns
* untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content

Marshaling, Unmarshaling

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object
CVE-2021-22095 6.5 - Medium - November 30, 2021

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message.

Marshaling, Unmarshaling

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10
CVE-2021-22097 6.5 - Medium - October 28, 2021

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.

Marshaling, Unmarshaling

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5
CVE-2016-2173 9.8 - Critical - April 21, 2017

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

Improper Input Validation
