Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
https://issues.apache.org/jira/browse/AMQ-5333
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
http://www.securityfocus.com/bid/72510
http://seclists.org/oss-sec/2015/q1/427
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2016-10703 Vulnerability in npm package ecstatic
CVE-2020-5228 Vulnerability in maven package org.opencastproject:opencast-oaipmh-api
CVE-2021-43843 Vulnerability in npm package jsx-slack
CVE-2023-3691 Vulnerability in maven package org.webjars.bower:layui
CVE-2021-21181 Vulnerability in maven package org.webjars.npm:electron