← Back

CVE-2017-8045

nvd nist
Published: Nov 27, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

Affected (27)

Pivotal Software
1 product
Spring Advanced Message Queuing Protocol
Configuration A
27 vulnerable
Vulnerable SoftwareAffected Versions
Pivotal Software
Spring Advanced Message Queuing Protocol
Version 1.5.0
Spring Advanced Message Queuing Protocol
Version 1.5.0 m1
Spring Advanced Message Queuing Protocol
Version 1.5.0 rc1
Spring Advanced Message Queuing Protocol
Version 1.5.1
Spring Advanced Message Queuing Protocol
Version 1.5.2
Spring Advanced Message Queuing Protocol
Version 1.5.3
Spring Advanced Message Queuing Protocol
Version 1.5.4
Spring Advanced Message Queuing Protocol
Version 1.5.5
Spring Advanced Message Queuing Protocol
Version 1.5.6
Spring Advanced Message Queuing Protocol
Version 1.6.0
Spring Advanced Message Queuing Protocol
Version 1.6.0 m1
Spring Advanced Message Queuing Protocol
Version 1.6.0 m2
Spring Advanced Message Queuing Protocol
Version 1.6.0 rc1
Spring Advanced Message Queuing Protocol
Version 1.6.10
Spring Advanced Message Queuing Protocol
Version 1.6.1
Spring Advanced Message Queuing Protocol
Version 1.6.2
Spring Advanced Message Queuing Protocol
Version 1.6.3
Spring Advanced Message Queuing Protocol
Version 1.6.4
Spring Advanced Message Queuing Protocol
Version 1.6.5
Spring Advanced Message Queuing Protocol
Version 1.6.6
Spring Advanced Message Queuing Protocol
Version 1.6.7
Spring Advanced Message Queuing Protocol
Version 1.6.8
Spring Advanced Message Queuing Protocol
Version 1.6.9
Spring Advanced Message Queuing Protocol
Version 1.7.0
Spring Advanced Message Queuing Protocol
Version 1.7.1
Spring Advanced Message Queuing Protocol
Version 1.7.2
Spring Advanced Message Queuing Protocol
Version 1.7.3

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

Source: security_alert@emc.com
Third Party AdvisoryVDB Entry
Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.