CVE-2016-2173: Improper Input Validation

May 13, 2022 (updated July 6, 2022)

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

References

lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html
lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html
lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html
bugzilla.redhat.com/show_bug.cgi?id=1326205
github.com/advisories/GHSA-hrp3-8p5w-27gv
nvd.nist.gov/vuln/detail/CVE-2016-2173
pivotal.io/security/cve-2016-2173

Code Behaviors & Features

Detect and mitigate CVE-2016-2173 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →