{"containers": {"cna": {"affected": [{"product": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7", "vendor": "n/a", "versions": [{"status": "affected", "version": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7"}]}], "datePublic": "2017-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-27T10:57:02", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2017-8045"}, {"name": "100936", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100936"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8045", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7", "version": {"version_data": [{"version_value": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2017-8045", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2017-8045"}, {"name": "100936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100936"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.514Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2017-8045"}, {"name": "100936", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100936"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8045", "datePublished": "2017-11-27T10:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.514Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ACFBB63-5DF2-4CFE-9F37-B4F91BAF210C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:m1:*:*:*:*:*:*", "matchCriteriaId": "FD0434AC-A22B-410C-BD47-5416ED236D6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "01C1A0C8-5881-4D45-9BAE-47342892610D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BFE1950B-E677-4B62-80D6-DAD8AA90D74B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "56444AA0-79FF-4E96-A06A-5DE099D26F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "06313540-F311-4F45-BD93-A318D0773354", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF8111C7-D43F-4CE3-AD94-7A0A09036E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C49EC65-236E-4831-A8C0-9AEF1B308ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "176DD4C4-21E3-4E17-AE78-298325AE7FB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "70A38607-63FD-4270-9BCC-EFCCEDDD4496", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m1:*:*:*:*:*:*", "matchCriteriaId": "3B334BA4-4CBA-48A0-B347-3E23FA003DB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m2:*:*:*:*:*:*", "matchCriteriaId": "64170B60-0D44-4F98-B57F-9A2A05E62ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6B6643CB-F480-462C-9C54-4F2D9F78ADD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC9B6464-C6E5-4944-8745-02605C068D0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C88C739-8DBC-4719-B0FD-A18FA598184B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "485FE522-130B-49EB-A84F-E30E70D866FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "D636C03C-420A-4997-9C01-2019EF481AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "7E00506B-2BE4-48D6-8E7C-4A719521FC98", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "CC55C720-3B3B-456E-9E03-BE2BEB85C211", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "05C87474-4BC3-4EDE-B54D-B91154826224", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "EA632EBE-06AA-4A6E-A1DF-5C71F88A3EC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "5FAA749F-46DF-4176-ABF0-904F8F506FCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "3DBB0442-EE82-4AEA-B370-58AFFA2656DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4138AE8A-DA42-404F-A5FA-5B99891B0A54", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBDF3851-F41B-473E-BDBE-3F45A476ECAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BCC4621-0BF1-4869-AC68-AA14B645458B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24E48B94-9D63-47CB-BB04-DC4DCC19950B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack."}, {"lang": "es", "value": "En Pivotal Spring AMQP, en versiones anteriores a la 1.7.4, 1.6.11 y 1.5.7, org.springframework.amqp.core.Message podr\u00eda deserializarse de forma insegura al convertirse en cadena. Una carga \u00fatil maliciosa podr\u00eda manipularse para explotar esto y permitir un ataque de ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2017-8045", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-27T10:29:00.907", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100936"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2017-8045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2017-8045"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}