CVE-2016-2173: Improper Input Validation
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
References
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html
- lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html
- bugzilla.redhat.com/show_bug.cgi?id=1326205
- github.com/advisories/GHSA-hrp3-8p5w-27gv
- nvd.nist.gov/vuln/detail/CVE-2016-2173
- pivotal.io/security/cve-2016-2173