Vulnerabilities > Pivotal Software > Spring Advanced Message Queuing Protocol > 1.5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in multiple products Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. | 5.9 |
2017-11-27 | CVE-2017-8045 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. | 9.8 |