Description
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
Remediation
References
http://www.securityfocus.com/bid/100936
https://pivotal.io/security/cve-2017-8045
Related Vulnerabilities
CVE-2018-16489 Vulnerability in maven package org.webjars.npm:just-extend
CVE-2021-39148 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2021-21234 Vulnerability in maven package eu.hinsch:spring-boot-actuator-logview
CVE-2018-3721 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash