Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
https://issues.apache.org/jira/browse/AMQ-5333
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
http://www.securityfocus.com/bid/72510
http://seclists.org/oss-sec/2015/q1/427
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2020-26237 Vulnerability in npm package highlight.js
CVE-2018-3750 Vulnerability in npm package deep-extend
CVE-2022-23059 Vulnerability in maven package com.shopizer:sm-shop-model
CVE-2018-1000665 Vulnerability in maven package org.apache.geronimo.plugins:dojo
CVE-2020-27428 Vulnerability in npm package scratch-svg-renderer