CVE-2020-36282

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.37 % (73^th)

Affected Products 1

Advisories 1

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.

Weaknesses

CWE-502: Deserialization of Untrusted Data

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-03-12 01:15:12
(3 years ago)
Updated Date: 2023-11-07 03:22:14
(10 months ago)

Affected Products

Rabbitmq

Jms Client

Configuration #1

		CPE23	From	Up To
	Rabbitmq Jms Client for Rabbitmq from 1.0.0 version and prior 1.15.2 version	cpe:2.3:a:rabbitmq:jms_client::::::rabbitmq	>= 1.0.0	< 1.15.2
	Rabbitmq Jms Client for Rabbitmq from 2.0.0 version and prior 2.2.0 version	cpe:2.3:a:rabbitmq:jms_client::::::rabbitmq	>= 2.0.0	< 2.2.0