Critical severity9.8NVD Advisory· Published Nov 27, 2017· Updated May 13, 2026
CVE-2017-8045
CVE-2017-8045
Description
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework.amqp:spring-amqpMaven | < 1.5.7 | 1.5.7 |
org.springframework.amqp:spring-amqpMaven | >= 1.6.0, < 1.6.11 | 1.6.11 |
org.springframework.amqp:spring-amqpMaven | >= 1.7.0, < 1.7.4 | 1.7.4 |
Affected products
27cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:*:*:*:*:*:*:*+ 26 more
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:m1:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m1:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m2:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.securityfocus.com/bid/100936nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-vqqg-xgv7-cf68ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-8045ghsaADVISORY
- pivotal.io/security/cve-2017-8045nvdVendor AdvisoryWEB
News mentions
0No linked articles in our index yet.