Description
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
Remediation
References
https://tanzu.vmware.com/security/cve-2021-22097
Related Vulnerabilities
CVE-2021-33829 Vulnerability in npm package ckeditor4
CVE-2019-10427 Vulnerability in maven package org.jenkins-ci.plugins:aqua-microscanner
CVE-2015-8855 Vulnerability in maven package org.webjars.bower:semver
CVE-2017-2613 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2015-3337 Vulnerability in maven package org.elasticsearch:elasticsearch