CVE-2020-36282

Опубликовано: 12 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.

Ссылки

https://github.com/rabbitmq/rabbitmq-jms-client/issues/135
Patch
Third Party Advisory
https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v1.15.2
Release Notes
Third Party Advisory
https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v2.2.0
Release Notes
Third Party Advisory
https://medium.com/%40ramon93i7/a99645d0448b
https://github.com/rabbitmq/rabbitmq-jms-client/issues/135
Patch
Third Party Advisory
https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v1.15.2
Release Notes
Third Party Advisory
https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v2.2.0
Release Notes
Third Party Advisory
https://medium.com/%40ramon93i7/a99645d0448b

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rabbitmq:jms_client:*:*:*:*:*:rabbitmq:*:*

Версия от 1.0.0 (включая) до 1.15.2 (исключая)

cpe:2.3:a:rabbitmq:jms_client:*:*:*:*:*:rabbitmq:*:*

Версия от 2.0.0 (включая) до 2.2.0 (исключая)

EPSS

Процентиль: 82%

0.01699

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-v525-c3g5-cg9p

github

около 4 лет назад

Unsafe Deserialization that can Result in Code Execution