In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
References
Link | Resource |
---|---|
https://pivotal.io/security/cve-2017-8045 | Vendor Advisory |
http://www.securityfocus.com/bid/100936 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-11-27 02:29
Updated : 2017-12-12 09:59
NVD link : CVE-2017-8045
Mitre link : CVE-2017-8045
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
pivotal_software
- spring_advanced_message_queuing_protocol