{"vulnerability": "GHSA-XJ6R-2JPM-QVXP", "sightings": [{"uuid": "6040a559-d316-4762-b35e-fb0e44b49826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-XJ6R-2JPM-QVXP", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/27185", "content": "\u203c CVE-2021-37694 \u203c\n\n@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-11T22:38:40.000000Z"}]}