CVE-2021-22095

Deserialization of Untrusted Data in maven/org.springframework.amqp/spring-amqp

Identifiers

CVE-2021-22095

Package Slug

maven/org.springframework.amqp/spring-amqp

Vulnerability

Deserialization of Untrusted Data

Description

The Spring AMQP `Message` object, in its `toString()` method, creates a new `String` object from the message body, regardless of its size. With a large message, this can cause an OOM error (`OutOfMemoryError`).
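The pattern described above, next to a size-bounded variant, as an added example (not Spring AMQP's code or its actual fix). The class `SketchMessage`, its method names and the 50-byte cap are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

// Added illustration; SketchMessage is a hypothetical stand-in,
// not Spring AMQP's Message class.
public class SketchMessage {
    // Hypothetical cap on how many body bytes toString() may decode.
    private static final int MAX_RENDERED_BODY = 50;

    private final byte[] body;

    public SketchMessage(byte[] body) {
        this.body = body;
    }

    // Pattern the advisory describes: the whole body is decoded, so a body of
    // N bytes forces another allocation proportional to N just to build a
    // string that is typically only written to a log.
    public String unboundedToString() {
        return "(Body:'" + new String(body, StandardCharsets.UTF_8) + "')";
    }

    // Bounded variant: bodies above the cap are reported by length only, so the
    // memory cost of toString() no longer grows with the size of the message.
    @Override
    public String toString() {
        if (body == null) {
            return "(Body:null)";
        }
        if (body.length > MAX_RENDERED_BODY) {
            return "(Body:[" + body.length + " bytes])";
        }
        return "(Body:'" + new String(body, StandardCharsets.UTF_8) + "')";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one short text body, one 8 MiB body.
        SketchMessage small = new SketchMessage("order-42".getBytes(StandardCharsets.UTF_8));
        SketchMessage large = new SketchMessage(new byte[8 * 1024 * 1024]);
        System.out.println(small);
        System.out.println(large);
    }
}
```

Implicit `toString()` calls, such as string concatenation in log statements and exception messages, are the places to check when reviewing code that handles messages from untrusted publishers.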

Affected Versions

All versions starting from 2.2.0 before 2.2.19, all versions starting from 2.3.0 before 2.3.11

Solution

Upgrade to versions 2.2.19, 2.3.11 or above.

Last Modified

2021-12-02
