org.apache.activemq:activemq-web 5.19.2

Direct Vulnerabilities

Known vulnerabilities in the org.apache.activemq:activemq-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the JMS selector field in the web console. An attacker can display malicious content in the browser by injecting HTML and overriding the content type to HTML when browsing queues. Note: This is only exploitable if the attacker is authenticated and able to access the web console. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.activemq:activemq-web` to version 5.19.6, 6.2.5 or higher.	[,5.19.6)[6.0.0,6.2.5)
M Directory Traversal org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the `key` parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by supplying crafted input that causes path traversal. Note: Due to a path separator resolution bug, Windows users are recommended to upgrade to versions 5.19.4 and 6.2.3. How to fix Directory Traversal? Upgrade `org.apache.activemq:activemq-web` to version 5.19.3, 6.2.2 or higher.	[,5.19.3)[6.0.0,6.2.2)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the JMS selector field in the web console. An attacker can display malicious content in the browser by injecting HTML and overriding the content type to HTML when browsing queues.

Note:

This is only exploitable if the attacker is authenticated and able to access the web console.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.activemq:activemq-web to version 5.19.6, 6.2.5 or higher.

[,5.19.6)[6.0.0,6.2.5)

Directory Traversal

org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation.

Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by supplying crafted input that causes path traversal.

Note:

Due to a path separator resolution bug, Windows users are recommended to upgrade to versions 5.19.4 and 6.2.3.

How to fix Directory Traversal?

Upgrade org.apache.activemq:activemq-web to version 5.19.3, 6.2.2 or higher.

[,5.19.3)[6.0.0,6.2.2)

org.apache.activemq:activemq-web@5.19.2

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically