6.2.7
13 years ago
10 days ago
Known vulnerabilities in the org.apache.activemq:activemq-broker package. This does not include vulnerabilities belonging to this package’s dependencies.
| Vulnerability | Vulnerable Version |
|---|---|
| org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the How to fix External Control of System or Configuration Setting? Upgrade | [,5.19.8) [6.0.0,6.2.7) |
| Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An attacker can exhaust system memory and cause a broker crash by sending a crafted message with a large encoded size value. How to fix Memory Allocation with Excessive Size Value? Upgrade | [,5.19.8) [6.0.0,6.2.7) |
| Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another user's temporary destination by establishing a separate connection and bypassing client-side isolation checks. How to fix Missing Authorization? Upgrade | [,5.19.8) [6.0.0,6.2.7) |
| Affected versions of this package are vulnerable to Improper Authorization due to incomplete authorization checks in the destination removal process. An attacker can remove existing destinations without sufficient permissions by leveraging an authenticated connection. How to fix Improper Authorization? Upgrade | [,5.19.7) [6.0.0,6.2.6) |
| Affected versions of this package are vulnerable to Improper Input Validation over the Note: This is a bypass of the fix for CVE-2026-34197. How to fix Improper Input Validation? Upgrade | [,5.19.7) [6.0.0,6.2.6) |
| Affected versions of this package are vulnerable to Improper Input Validation through the How to fix Improper Input Validation? Upgrade | [,5.19.7) [6.0.0,6.2.6) |
| Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the Note: This is only exploitable if the broker is configured with a network connector and the How to fix Exposure of Sensitive Information Through Metadata? Upgrade | [,5.19.7) [6.0.0,6.2.6) |
| Affected versions of this package are vulnerable to Arbitrary Code Injection in the How to fix Arbitrary Code Injection? Upgrade | [,5.19.6) [6.0.0,6.2.5) |
| Affected versions of this package are vulnerable to Arbitrary Code Injection over the Note: This is a bypass of the fix for CVE-2026-34197. How to fix Arbitrary Code Injection? Upgrade | [,5.19.6) [6.0.0,6.2.5) |
| Affected versions of this package are vulnerable to Arbitrary Code Injection over the How to fix Arbitrary Code Injection? Upgrade | [,5.19.4) [6.0.0,6.2.3) |
| Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the broker to exhaust all available memory and disrupt service availability by rapidly triggering TLS 1.3 handshake KeyUpdates from a client connection. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,5.19.5) [6.0.0,6.2.4) |
| Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the Note: Due to a path separator resolution bug, Windows users are recommended to upgrade to versions 5.19.4 and 6.2.3. How to fix Directory Traversal? Upgrade | [,5.19.3) [6.0.0,6.2.2) |
| Affected versions of this package are vulnerable to Arbitrary Code Execution. A regression has been introduced in Apache ActiveMQ while preventing JMX re-bind (CVE-2020-13920). By passing an empty environment map to A remote client could create a How to fix Arbitrary Code Execution? Upgrade | [5.15.12,5.15.13) |