High severityNVD Advisory· Published Aug 11, 2021· Updated Aug 4, 2024
Code injection issue for java-spring-cloud-stream-template
CVE-2021-37694
Description
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@asyncapi/java-spring-cloud-stream-templatenpm | < 0.7.0 | 0.7.0 |
Affected products
2- Range: < 0.7.0
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-xj6r-2jpm-qvxpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-37694ghsaADVISORY
- github.com/asyncapi/java-spring-cloud-stream-template/security/advisories/GHSA-xj6r-2jpm-qvxpghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.