CVE-2017-8045: Deserialization of Untrusted Data

May 17, 2022 (updated June 30, 2022)

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

References

www.securityfocus.com/bid/100936
github.com/advisories/GHSA-vqqg-xgv7-cf68
nvd.nist.gov/vuln/detail/CVE-2017-8045
pivotal.io/security/cve-2017-8045

Code Behaviors & Features

Detect and mitigate CVE-2017-8045 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →