Description
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
Remediation
References
https://tanzu.vmware.com/security/cve-2021-22097
Related Vulnerabilities
CVE-2022-43418 Vulnerability in maven package org.jenkins-ci.plugins:katalon
CVE-2016-4003 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-29599 Vulnerability in maven package org.apache.maven.shared:maven-shared-utils
CVE-2020-5397 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2022-25167 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source