JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
References
Link | Resource |
---|---|
https://github.com/rabbitmq/rabbitmq-jms-client/issues/135 | Patch Third Party Advisory |
https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v1.15.2 | Release Notes Third Party Advisory |
https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v2.2.0 | Release Notes Third Party Advisory |
https://medium.com/%40ramon93i7/a99645d0448b |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
18 Mar 2021, 19:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v1.15.2 - Release Notes, Third Party Advisory | |
References | (MISC) https://medium.com/@ramon93i7/a99645d0448b - Third Party Advisory | |
References | (MISC) https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v2.2.0 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/rabbitmq/rabbitmq-jms-client/issues/135 - Patch, Third Party Advisory | |
CWE | CWE-502 | |
CPE | cpe:2.3:a:rabbitmq:jms_client:*:*:*:*:*:rabbitmq:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
12 Mar 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-12 01:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-36282
Mitre link : CVE-2020-36282
CVE.ORG link : CVE-2020-36282
JSON object : View
Products Affected
rabbitmq
- jms_client
CWE
CWE-502
Deserialization of Untrusted Data