CVE-2016-2173 - Remote Code Execution in Spring AMQP - App Test Description The class orgspringframeworkcoreserializerDefaultDeserializer does not validate the deserialized object against a whitelist By supplying a crafted serialized object like Chris Frohoff's Commons Collection gadget, remote code execution can be achieved Versions Affected 100 to 154 Vendor Sp