CVE-2014-3600 – org.apache.activemq:activemq-client

Package

Manager: maven
Name: org.apache.activemq:activemq-client
Vulnerable Version: >=5.0.0 <5.10.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00531 pctl0.6635

Details

Improper Restriction of XML External Entity Reference in Apache ActiveMQ XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Metadata

Created: 2022-05-14T01:14:52Z
Modified: 2023-12-20T19:11:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4vhf-2hv7-8mrx/GHSA-4vhf-2hv7-8mrx.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-4vhf-2hv7-8mrx
Finding: F083
Auto approve: 1