CVSS Score

The vulnerability is CWE-502, deserialization of untrusted data, reached through RabbitMQ messages. An RCE vector of this kind strongly suggests that the message-processing function deserializes message bodies directly with insecure Java object deserialization (ObjectInputStream.readObject()). The exact code is not available, but RabbitMQ consumer implementations commonly have an onMessage handler that deserializes the payload. Three points together make this the most probable vulnerable function: 1) the explicit CWE-502 mapping, 2) RCE triggered by message content, and 3) the RabbitMQ message-processing context.
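To make the pattern concrete, the following Java snippet is an added illustration and is not code from the EventMesh project: it shows the weak consumer pattern the text describes (raw message body fed to readObject()) next to a hardened handler that applies an allow-list ObjectInputFilter (JDK 9+) so only the expected event class can be instantiated. The OrderEvent class, the handler names and the serialized test inputs are constructed for the example; how the handler is wired into a RabbitMQ consumer is assumed and not shown.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class MessageDeserializationDemo {

    /** Hypothetical event type the consumer legitimately expects (constructed for this example). */
    public static final class OrderEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String orderId;
        OrderEvent(String orderId) { this.orderId = orderId; }
    }

    /**
     * Weak pattern the advisory text describes: the raw message body goes straight
     * into ObjectInputStream.readObject(), so any serializable class on the
     * consumer's classpath can be instantiated by whoever can publish to the queue.
     */
    static Object unsafeHandle(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    /**
     * Hardened form: an allow-list ObjectInputFilter limits the stream to the expected
     * event class (plus java.lang.String for its field), rejects every other class
     * with "!*", and caps graph depth and array sizes so a crafted payload cannot
     * exhaust memory before the type check runs.
     */
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            OrderEvent.class.getName() + ";java.lang.String;maxdepth=5;maxarray=1000;!*");

    static OrderEvent safeHandle(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(ALLOW_LIST);
            // readObject() throws InvalidClassException as soon as the filter rejects a class
            Object obj = in.readObject();
            if (!(obj instanceof OrderEvent)) {
                throw new InvalidClassException("unexpected payload type " + obj.getClass().getName());
            }
            return (OrderEvent) obj;
        }
    }

    /** Serializes an object the way a legitimate publisher would (constructed test input). */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new OrderEvent("order-42"));
        System.out.println("expected payload -> " + safeHandle(expected).orderId);

        // A payload of a different serializable type stands in for an unexpected class;
        // the filter rejects it before any of that class's deserialization logic runs.
        byte[] unexpected = serialize(new java.util.ArrayList<String>());
        try {
            safeHandle(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is the detection point as well as the mitigation: a rejected class surfaces as an InvalidClassException in the consumer, which is worth logging with the queue name and message id so attempts to push unexpected object graphs are visible. Where the connector controls the wire format, switching the body to a schema-validated encoding such as JSON removes Java object deserialization from the path entirely and is the stronger fix.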
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.eventmesh:eventmesh-connector-rabbitmq | maven | >= 1.7.0, <= 1.8.0 | |