Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
https://issues.apache.org/jira/browse/AMQ-5333
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
http://www.securityfocus.com/bid/72510
http://seclists.org/oss-sec/2015/q1/427
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2022-24815 Vulnerability in npm package generator-jhipster
CVE-2021-3794 Vulnerability in npm package @vuelidate/validators
CVE-2018-19839 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2023-22461 Vulnerability in npm package @mattkrick/sanitize-svg
CVE-2014-3607 Vulnerability in maven package edu.vt.middleware:vt-ldap