Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-8045

Опубликовано: 27 нояб. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:m1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m2:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02827
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

github логотип

GHSA-vqqg-xgv7-cf68

CVSS3: 9.8
github
больше 3 лет назад

Deserialization of Untrusted Data in Spring AMQP

EPSS

Процентиль: 86%
0.02827
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502