Moderate severity · NVD Advisory · Published Oct 28, 2021 · Updated Aug 3, 2024
CVE-2021-22097
Description
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
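The defect above is triggered by logging: anything that calls toString() on a Message whose content type is application/x-java-serialized-object deserializes the body, and the deserialized object's own toString() or hashCode() is what consumes CPU. The fix is to upgrade to a patched version; as an interim defence, code that logs messages can describe them by metadata and body length without ever deserializing. The helper below is an added example, not code from the Spring AMQP project; it uses only the public Message and MessageProperties API (the CONTENT_TYPE_SERIALIZED_OBJECT constant is the string from the description), and the class name, method names and the sample body bytes are constructed for illustration.

```java
import org.springframework.amqp.core.Message;
import org.springframework.amqp.core.MessageProperties;

/**
 * Safe summary of an AMQP message for logging. Assumed helper (not part of
 * Spring AMQP): it never calls Message.toString(), so a body tagged as
 * application/x-java-serialized-object is never deserialized just to be logged.
 */
public final class SafeMessageSummary {

    private SafeMessageSummary() {
    }

    /** True when the message advertises a Java-serialized body. */
    public static boolean isJavaSerialized(Message message) {
        MessageProperties props = message.getMessageProperties();
        return props != null
                && MessageProperties.CONTENT_TYPE_SERIALIZED_OBJECT.equals(props.getContentType());
    }

    /** Describe the message by content type and body size only; the bytes are never decoded. */
    public static String summarize(Message message) {
        MessageProperties props = message.getMessageProperties();
        byte[] body = message.getBody();
        int length = body == null ? 0 : body.length;
        String contentType = props == null ? null : props.getContentType();
        if (isJavaSerialized(message)) {
            // Serialized-object bodies are reported by length, not deserialized.
            return "Message[content-type=" + contentType
                    + ", serialized-body=" + length + " bytes]";
        }
        return "Message[content-type=" + contentType + ", body=" + length + " bytes]";
    }

    // Constructed demo input: a message labelled as a serialized Java object.
    // The four bytes are the Java serialization stream header, used here only
    // so the sample looks like a real serialized body; nothing is decoded.
    public static void main(String[] args) {
        MessageProperties props = new MessageProperties();
        props.setContentType(MessageProperties.CONTENT_TYPE_SERIALIZED_OBJECT);
        Message message = new Message(new byte[] {(byte) 0xAC, (byte) 0xED, 0x00, 0x05}, props);
        System.out.println(summarize(message));
    }
}
```

Use summarize(message) wherever a Message would otherwise be concatenated into a log line or string. This does not remove the deserialization from toString() itself; only upgrading to 2.2.19 or 2.3.11 does that, so treat the helper as a stop-gap for logging paths in code that cannot be upgraded immediately.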
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.springframework.amqp:spring-amqp | Maven | >= 2.2.0, < 2.2.19 | 2.2.19 |
| org.springframework.amqp:spring-amqp | Maven | >= 2.3.0, < 2.3.11 | 2.3.11 |
Affected products
- Spring / Spring AMQP
Patches
Vulnerability mechanics
References
- https://github.com/advisories/GHSA-fx7f-rjqj-52pj (GitHub Security Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2021-22097 (NVD)
- https://tanzu.vmware.com/security/cve-2021-22097 (VMware Tanzu security advisory)