CVE-2021-37694
HIGH
asyncapi/java-spring-cloud-stream-template < 0.7.0 - Remote Code Execution via AsyncAPI Document
Title source: llm
Description
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0, arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/asyncapi/java-spring-cloud-stream-template/security/advisories/GHSA-xj6r-2jpm-qvxp
Scores
CVSS v3
8.7
EPSS
0.0088
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-94
Status
published
Products (2)
asyncapi/java-spring-cloud-stream-template
< 0.7.0
asyncapi/java-spring-cloud-stream-template
0 - 0.7.0
npm
Published
Aug 11, 2021
Tracked Since
Feb 18, 2026