In affected versions of Spring AMQP, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
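The following is an added example, not Spring AMQP's code and not the mitigation this advisory refers to: it shows how a consumer can render a message body as a string for logging while refusing to deserialize any class outside an explicit allowlist. The class name SafeBodyToString, the method bodyToString, the allowlist contents and the content-type handling are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class SafeBodyToString {
    // Hypothetical allowlist: the only classes this consumer expects in a serialized body.
    static final Set<String> ALLOWED =
            Set.of("java.lang.String", "java.lang.Integer", "java.lang.Number");

    // ObjectInputStream that rejects a class descriptor before the class is loaded.
    static class AllowlistInputStream extends ObjectInputStream {
        AllowlistInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on deserialization allowlist");
            }
            return super.resolveClass(desc);
        }
    }

    // Renders a body for logging; serialized bodies go through the allowlist stream only.
    static String bodyToString(byte[] body, String contentType) {
        if ("text/plain".equals(contentType)) {
            return new String(body, StandardCharsets.UTF_8);
        }
        if ("application/x-java-serialized-object".equals(contentType)) {
            try (ObjectInputStream in = new AllowlistInputStream(new ByteArrayInputStream(body))) {
                return String.valueOf(in.readObject());
            } catch (IOException | ClassNotFoundException e) {
                return "[rejected serialized body: " + e.getMessage() + "]";
            }
        }
        return "[" + body.length + " bytes, " + contentType + "]";
    }

    // Helper that builds the constructed sample inputs used in main().
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        String ct = "application/x-java-serialized-object";
        System.out.println(bodyToString(serialize("order-42"), ct));           // allowlisted type
        System.out.println(bodyToString(serialize(new java.util.Date()), ct)); // benign stand-in for an unexpected class
    }
}
```

The rejection happens in resolveClass, before the class is loaded or any of its deserialization callbacks run, which is what makes an allowlist effective where catching exceptions around readObject alone is not.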
Users of affected versions should apply the following mitigation:
This vulnerability was responsibly reported by Man Yue Mo from Semmle and lgtm.com.
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.