Vulnerabilities > Pivotal Software > Spring Advanced Message Queuing Protocol > 1.6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-14 | CVE-2018-11087 | Improper Certificate Validation vulnerability in Pivotal Software Rabbitmq and Spring Advanced Message Queuing Protocol Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. | 4.3 |
2017-11-27 | CVE-2017-8045 | Deserialization of Untrusted Data vulnerability in Pivotal Software Spring Advanced Message Queuing Protocol In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. | 7.5 |