spring-messaging is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS.
CPE | Name | Operator | Version |
---|---|---|---|
spring messaging | le | 4.3.16.RELEASE | |
spring messaging | le | 5.0.5.RELEASE | |
spring messaging | le | 4.3.16.RELEASE | |
spring messaging | le | 5.0.5.RELEASE |
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
www.securityfocus.com/bid/104260
access.redhat.com/errata/RHSA-2018:1809
access.redhat.com/errata/RHSA-2018:3768
jira.spring.io/browse/SPR-16732
pivotal.io/security/cve-2018-1257
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html