VMware Spring Advanced Message Queuing Protocol
By the Year
In 2024 there have been 0 vulnerabilities in VMware Spring Advanced Message Queuing Protocol. Last year Spring Advanced Message Queuing Protocol had 1 security vulnerability published. Right now, Spring Advanced Message Queuing Protocol is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 4.30 |
2022 | 0 | 0.00 |
2021 | 2 | 6.50 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Spring Advanced Message Queuing Protocol vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent VMware Spring Advanced Message Queuing Protocol Security Vulnerabilities
In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9
CVE-2023-34050
4.3 - Medium
- October 19, 2023
In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if:
* the SimpleMessageConverter or SerializerMessageConverter is used
* the user does not configure allowed list patterns
* untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content
Marshaling, Unmarshaling
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object
CVE-2021-22095
6.5 - Medium
- November 30, 2021
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message.
Marshaling, Unmarshaling
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10
CVE-2021-22097
6.5 - Medium
- October 28, 2021
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
Marshaling, Unmarshaling
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5
CVE-2016-2173
9.8 - Critical
- April 21, 2017
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
Improper Input Validation