PT-2021-5332 · Spring · Spring AMQP
Published 2021-10-26 · Updated 2021-12-01 · CVE-2021-22095
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Spring AMQP versions 2.2.0 through 2.2.19
Spring AMQP versions 2.3.0 through 2.3.11
Description
The issue lies in the Spring AMQP Message object's toString() method, which creates a new String object from the message body regardless of its size. Handling a large message can therefore cause an OutOfMemory (OOM) Error. The vulnerability may allow a remote attacker to cause a denial of service by triggering this toString() behavior, potentially leading to service disruption.
Recommendations
For Spring AMQP versions 2.2.0 through 2.2.19, consider updating to a version outside of this range to mitigate the risk.
For Spring AMQP versions 2.3.0 through 2.3.11, consider updating to a version outside of this range to mitigate the risk.
As a temporary workaround, consider disabling the toString() method for the Spring AMQP Message object until a patch is available.
Weakness Enumeration
Deserialization of Untrusted Data
Affected Products
Spring AMQP
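The description above explains the root cause (an unbounded conversion of the whole message body into a String) and the workaround is to stop relying on Message.toString(). The following is an added example, not Spring AMQP's own code or the advisory's, showing what a bounded replacement looks like: only a fixed-size prefix of the body is ever decoded for logging, and an explicit size gate rejects oversized bodies before any further processing. The class name, the 64-byte preview limit and the 1 MiB acceptance limit are assumptions chosen for illustration; in a real consumer the byte[] would come from the Spring AMQP Message's getBody() method.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/**
 * Bounded alternative to calling Message.toString() in log statements.
 * Added example, not Spring AMQP code. Only a fixed prefix of the body is
 * ever turned into a String, so the cost is O(MAX_PREVIEW_BYTES), not
 * O(body length), whatever size the remote sender chose.
 */
public final class BoundedMessageDescriber {

    /** Upper bound on how many body bytes are decoded for display (assumed value). */
    private static final int MAX_PREVIEW_BYTES = 64;

    /** Bodies above this size are rejected before processing (assumed policy value). */
    private static final int MAX_ACCEPTED_BODY_BYTES = 1 << 20; // 1 MiB

    private BoundedMessageDescriber() {}

    /**
     * Returns a short, fixed-cost description of a message body.
     * In a Spring AMQP consumer, pass message.getBody() here instead of
     * logging the Message object itself (which invokes toString()).
     */
    public static String describe(byte[] body, String contentType) {
        if (body == null) {
            return "contentType=" + contentType + " body=<null>";
        }
        int previewLen = Math.min(body.length, MAX_PREVIEW_BYTES);
        // Decode only the preview slice; the full body is never copied into a String.
        String preview = new String(Arrays.copyOf(body, previewLen), StandardCharsets.UTF_8);
        boolean truncated = body.length > previewLen;
        return "contentType=" + contentType
                + " bodyLength=" + body.length
                + " preview='" + sanitize(preview) + (truncated ? "...'" : "'");
    }

    /** Keep log lines single-line and free of control characters. */
    private static String sanitize(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            sb.append(Character.isISOControl(c) ? '?' : c);
        }
        return sb.toString();
    }

    /**
     * Size gate to apply before handing a message to business logic.
     * Oversized messages are reported as rejected (the caller can nack or
     * discard them) rather than being fully materialised.
     */
    public static boolean isWithinSizeLimit(byte[] body) {
        return body != null && body.length <= MAX_ACCEPTED_BODY_BYTES;
    }

    public static void main(String[] args) {
        // Constructed sample: a 16 MiB body, the kind of input for which an
        // unbounded toString() would allocate a second, equally large String.
        byte[] big = new byte[16 << 20];
        Arrays.fill(big, (byte) 'A');
        System.out.println(describe(big, "text/plain"));
        System.out.println("accepted=" + isWithinSizeLimit(big));

        // Constructed sample: a small JSON payload that passes both checks.
        byte[] small = "{\"order\":42}".getBytes(StandardCharsets.UTF_8);
        System.out.println(describe(small, "application/json"));
        System.out.println("accepted=" + isWithinSizeLimit(small));
    }
}
```

Replacing `log.info("received {}", message)` with `log.info("received {}", BoundedMessageDescriber.describe(message.getBody(), ...))` removes the unbounded allocation from the logging path; the size gate belongs at the top of the listener method, before deserialisation. A broker-side ceiling (RabbitMQ's `max_message_size` setting in rabbitmq.conf) complements the consumer-side check by stopping oversized messages before they reach the application at all.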