Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

https://issues.apache.org/jira/browse/AMQ-5333

https://exchange.xforce.ibmcloud.com/vulnerabilities/100722

http://www.securityfocus.com/bid/72510

http://seclists.org/oss-sec/2015/q1/427

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2020-36179 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2018-20677 Vulnerability in npm package bootstrap-sass

CVE-2022-41401 Vulnerability in maven package org.openrefine:main

CVE-2021-21277 Vulnerability in npm package angular-expressions

CVE-2022-23494 Vulnerability in npm package tinymce

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory VDB Entry Mailing List Vendor Advisory