{"id":"CVE-2021-22095","details":"In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message","aliases":["GHSA-945q-ch46-pchg"],"modified":"2026-04-12T01:02:01.391455Z","published":"2021-11-30T19:15:08.610Z","references":[{"type":"ADVISORY","url":"https://tanzu.vmware.com/security/cve-2021-22097"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-amqp","events":[{"introduced":"e45f1a8ae69e88a2738a98b63d4dc7c20c6d44ff"},{"fixed":"96487f72e6db02859231ec420d6aee0b047784b0"},{"introduced":"0e6ef48c09c6d0d65d2876c7ca2c8b75c4545b54"},{"fixed":"0db528d89635e8cb6b02631be2d2ecdbc267a655"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"2.2.0"},{"fixed":"2.2.19"},{"introduced":"2.3.0"},{"fixed":"2.3.11"}],"cpe":"cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*"}}],"versions":["v2.2.0.RELEASE","v2.2.1.RELEASE","v2.2.10.RELEASE","v2.2.11.RELEASE","v2.2.12.RELEASE","v2.2.13.RELEASE","v2.2.14.RELEASE","v2.2.15.RELEASE","v2.2.16.RELEASE","v2.2.17.RELEASE","v2.2.18.RELEASE","v2.2.2.RELEASE","v2.2.3.RELEASE","v2.2.4.RELEASE","v2.2.5.RELEASE","v2.2.6.RELEASE","v2.2.7.RELEASE","v2.2.8.RELEASE","v2.2.9.RELEASE","v2.3.0","v2.3.1","v2.3.10","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22095.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}