CVE-2021-22097: Deserialization of Untrusted Data
The Spring AMQP Message object's toString() method deserializes the message body when the message's content type is application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that causes 100% CPU usage in the application if toString() is called on such a message.
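A consumer-side guard, added here as an illustration and not taken from the advisory or from the Spring AMQP project: an after-receive MessagePostProcessor that rejects any inbound message declaring application/x-java-serialized-object, or whose body starts with the Java serialization stream header 0xACED0005, before the message can reach application code or a log statement that would implicitly invoke toString(). It assumes Spring AMQP on the classpath; the queue name is a placeholder.

```java
import java.nio.charset.StandardCharsets;
import org.springframework.amqp.AmqpRejectAndDontRequeueException;
import org.springframework.amqp.core.Message;
import org.springframework.amqp.core.MessagePostProcessor;
import org.springframework.amqp.core.MessageProperties;
import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer;

/** Rejects messages whose body Message.toString() would hand to Java deserialization. */
public class RejectSerializedObjects implements MessagePostProcessor {

    // Header written by every java.io.ObjectOutputStream: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
    private static final byte[] JAVA_SERIAL_HEADER = {(byte) 0xAC, (byte) 0xED, 0x00, 0x05};

    @Override
    public Message postProcessMessage(Message message) {
        String contentType = message.getMessageProperties().getContentType();
        byte[] body = message.getBody();
        // Check both the declared type and the raw bytes: a sender controls the header it claims.
        if (MessageProperties.CONTENT_TYPE_SERIALIZED_OBJECT.equals(contentType) || hasSerialHeader(body)) {
            // Reject without requeue so the message cannot loop back; it lands in a DLQ if one is configured.
            throw new AmqpRejectAndDontRequeueException(
                "refusing java-serialized body (" + (body == null ? 0 : body.length) + " bytes)");
        }
        return message;
    }

    static boolean hasSerialHeader(byte[] body) {
        if (body == null || body.length < JAVA_SERIAL_HEADER.length) return false;
        for (int i = 0; i < JAVA_SERIAL_HEADER.length; i++) {
            if (body[i] != JAVA_SERIAL_HEADER[i]) return false;
        }
        return true;
    }

    /** Wires the guard in ahead of the listener; "orders.inbound" is a placeholder queue name. */
    public static SimpleMessageListenerContainer container(ConnectionFactory cf) {
        SimpleMessageListenerContainer c = new SimpleMessageListenerContainer(cf);
        c.setQueueNames("orders.inbound");
        c.setAfterReceivePostProcessors(new RejectSerializedObjects());
        // Log the body as text, never the Message object itself, so nothing calls toString() on it.
        c.setMessageListener(m -> System.out.println("received " + new String(m.getBody(), StandardCharsets.UTF_8)));
        return c;
    }
}
```

Upgrading to a Spring AMQP release that fixes CVE-2021-22097 remains the primary mitigation; this guard only keeps serialized-object bodies away from code paths that might stringify the message.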