Vulnerability Description
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rabbitmq | Jms Client | >= 1.0.0, < 1.15.2 |
Related Weaknesses (CWE)
References
- https://github.com/rabbitmq/rabbitmq-jms-client/issues/135 (Patch, Third Party Advisory)
- https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v1.15.2 (Release Notes, Third Party Advisory)
- https://github.com/rabbitmq/rabbitmq-jms-client/releases/tag/v2.2.0 (Release Notes, Third Party Advisory)
- https://medium.com/%40ramon93i7/a99645d0448b
FAQ
What is CVE-2020-36282?
CVE-2020-36282 is a vulnerability with a CVSS score of 9.8 (CRITICAL). JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
How severe is CVE-2020-36282?
CVE-2020-36282 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36282?
Check the references section above for vendor advisories and patch information. Affected products include: Rabbitmq Jms Client.