Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22095

EPSS 0.57% · P69
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-22095

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Spring AMQP 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Spring AMQP是将核心 Spring 概念应用于基于 AMQP 的消息传递解决方案的开发。 Spring AMQP 2.2.0 - 2.2.19和2.3.0 - 2.3.11版本存在安全漏洞,该漏洞源于Spring AMQP Message对象在其toString()方法中,将从消息体中创建一个新的String对象,缺少对对象的大小的限制与过滤。这可能会导致带有超大消息的OOM错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Spring AMQP Spring AMQP versions 2.2.X prior to 2.2.20 and 2.3.x prior to 2.3.12 . -

II. Public POCs for CVE-2021-22095

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-22095

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-11-30 · 18 CVEs total

CVE-2021-43284Victure WR1200信任管理问题漏洞
CVE-2021-40101PortlandLabs Concrete CMS 安全漏洞
CVE-2021-42564Cryptshare Ag Cryptshare 输入验证错误漏洞
CVE-2021-31787Actions ATS2815 输入验证错误漏洞
CVE-2021-42099Zoho ManageEngine M365 Manager Plus 4421 代码问题漏洞
CVE-2021-43319Zoho Corporation Zoho ManageEngine Network Configuration Manager 命令注入漏洞
CVE-2021-43296Zoho ManageEngine SupportCenter Plus 代码问题漏洞
CVE-2021-43295Zoho ManageEngine SupportCenter Plus 跨站脚本漏洞
CVE-2021-43294Zoho ManageEngine SupportCenter Plus 跨站脚本漏洞
CVE-2021-41677Open Solutions For Education openSIS SQL注入漏洞
CVE-2021-43283Victure WR1200 操作系统命令注入漏洞
CVE-2021-43282Victure WR1200 信任管理问题漏洞
CVE-2021-44230PortSwigger Burp Suite 访问控制错误漏洞
CVE-2021-43202Jetbrains JetBrains TeamCity 访问控制错误漏洞
CVE-2021-43998HashiCorp Vault 安全漏洞
CVE-2021-41679Open Solutions For Education openSIS SQL注入漏洞
CVE-2021-41678Open Solutions For Education openSIS SQL注入漏洞

IV. Related Vulnerabilities

Same product: Spring AMQP
Same vendor: n/a
Same weakness: CWE-502

V. Comments for CVE-2021-22095

No comments yet

Leave a comment