Description
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
https://issues.apache.org/jira/browse/APLO-366
https://exchange.xforce.ibmcloud.com/vulnerabilities/100721
http://www.securityfocus.com/bid/72508
http://seclists.org/oss-sec/2015/q1/428
http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2017-14063 Vulnerability in maven package org.asynchttpclient:async-http-client
CVE-2020-8215 Vulnerability in npm package canvas
CVE-2018-20698 Vulnerability in maven package com.floragunn:search-guard-kibana-plugin