Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2022-39382 Vulnerability in npm package @keystone-6/core
CVE-2023-5217 Vulnerability in npm package electron
CVE-2023-30526 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework
CVE-2022-36900 Vulnerability in maven package com.compuware.jenkins:compuware-zadviser-api