MEDIUM: 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Default status: unaffected
4.0.0 (custom) before 4.0.4: affected
3.2.0 (custom) before 3.2.11: affected
3.1.0 (custom) before 3.1.16: affected
2.4.0 (custom) before 2.4.18: affected
Description
Correlation IDs for replies in RabbitTemplate.sendAndReceive() with a fixed reply queue are predictable because they are generated by a simple internal counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.
Problem types
CWE-330: Use of Insufficiently Random Values
References
spring.io/security/cve-2026-41701