org.apache.activemq:activemq-all@6.2.6

  • latest version

    6.2.7

  • latest non vulnerable version

  • first published

    18 years ago

  • latest version published

    9 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.activemq:activemq-all package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Incorrect Calculation of Buffer Size

    org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle.

    Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can exhaust system resources or force abnormal connection closure by continuously streaming body bytes, causing the per-connection command buffer to exceed configured limits or triggering transport exception handling.

    How to fix Incorrect Calculation of Buffer Size?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [,5.19.8) [6.0.0,6.2.7)
    • M
    External Control of System or Configuration Setting

    Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiate unauthorized transports and trigger the creation of an additional broker service within the same JVM by publishing or modifying LDAP entries that match the configured searchBase and searchFilter.

    How to fix External Control of System or Configuration Setting?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [,5.19.8) [6.0.0,6.2.7)
    • H
    Memory Allocation with Excessive Size Value

    Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the broker to allocate excessive memory and crash by sending a specially crafted frame with a large size value during pre-authentication negotiation.

    How to fix Memory Allocation with Excessive Size Value?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [,5.19.8) [6.0.0,6.2.7)
    • H
    Memory Allocation with Excessive Size Value

    Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An attacker can exhaust system memory and cause a broker crash by sending a crafted message with a large encoded size value.

    How to fix Memory Allocation with Excessive Size Value?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [,5.19.8) [6.0.0,6.2.7)
    • M
    Missing Authorization

    Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another user's temporary destination by establishing a separate connection and bypassing client-side isolation checks.

    How to fix Missing Authorization?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [,5.19.8) [6.0.0,6.2.7)
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInfo commands without a corresponding ConnectionInfo, ultimately causing the broker to crash.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [5.19.7,5.19.8) [6.2.6,6.2.7)
    • H
    Memory Allocation with Excessive Size Value

    Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data, leading to exhaustion of the JVM heap by sending header bytes that never terminate over a STOMP NIO connection.

    How to fix Memory Allocation with Excessive Size Value?

    Upgrade org.apache.activemq:activemq-all to version 5.19.8, 6.2.7 or higher.

    [,5.19.8) [6.0.0,6.2.7)