Critical severity9.8NVD Advisory· Published Apr 21, 2017· Updated May 13, 2026
CVE-2016-2173
CVE-2016-2173
Description
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework.amqp:spring-amqpMaven | < 1.5.5 | 1.5.5 |
Affected products
4- cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*Range: <1.5.5
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.htmlnvdPatchThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.htmlnvdPatchThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.htmlnvdPatchThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchWEB
- github.com/advisories/GHSA-hrp3-8p5w-27gvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-2173ghsaADVISORY
- pivotal.io/security/cve-2016-2173nvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.