CVE-2021-22097 - AskarLabs CVE Database

CVE-2021-22097

Vendor N/A

Product Spring AMQP

Weakness CWE-502 · Unsafe deserialization

Published October 28, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.

Key dates

02Disclosure timeline

October 28, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22097

Related vulnerabilities

04Related CVE

CVE-2024-49147 Microsoft Update Catalog Elevation of Privilege Vulnerability CVE-2025-31927 WordPress Acerola <= 1.6.5 - PHP Object Injection Vulnerability CVE-2026-24159 CVE-2025-39348 WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability CVE-2024-30226 WordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerability