7.8
CVSSv3

CVE-2021-37694

Published: 11/08/2021 Updated: 13/09/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions before 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

asyncapi java-spring-cloud-stream-template

Github Repositories

CVE-2021-37694 Exploit @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice In versions prior to 070 arbitrary code injection was possible when an attacker controls the AsyncAPI document An example is provided in GHSA-xj6r-2jpm-qvxp There are no mitigations available and all users are advised to update Windows Binary PoC /CVE-20