ghsa-4vhf-2hv7-8mrx
Vulnerability from github
Published
2022-05-14 01:14
Modified
2023-12-20 19:11
Severity
CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Summary
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Details
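XML external entity (XXE) vulnerability (CWE-611) in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath-based selector when dequeuing XML messages. Both Maven artifacts listed in this advisory, org.apache.activemq:activemq-client and org.apache.activemq:activemq-broker, are affected from 5.0.0 and fixed in 5.10.1, so both need to be upgraded to 5.10.1 or later.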
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.activemq:activemq-client" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.activemq:activemq-broker" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.10.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2014-3600" ], "database_specific": { "cwe_ids": [ "CWE-611" ], "github_reviewed": true, "github_reviewed_at": "2022-07-07T22:38:48Z", "nvd_published_at": "2017-10-27T19:29:00Z", "severity": "CRITICAL" }, "details": "XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.", "id": "GHSA-4vhf-2hv7-8mrx", "modified": "2023-12-20T19:11:17Z", "published": "2022-05-14T01:14:52Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3600" }, { "type": "WEB", "url": "https://github.com/apache/activemq/commit/3e5ac6326db59f524a0e71f6b717428607d7b67d" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100722" }, { "type": "WEB", "url": "https://github.com/apache/activemq" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/AMQ-5333" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E" }, { "type": "WEB", "url": "http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2015/q1/427" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Improper Restriction of XML External Entity Reference in Apache ActiveMQ" }