org.apache.activemq:apache-activemq@6.2.6

  • latest version

    6.2.7

  • latest non-vulnerable version

  • first published

    19 years ago

  • latest version published

    9 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.activemq:apache-activemq package. This does not include vulnerabilities belonging to this package’s dependencies.

    Severity | Vulnerability | Vulnerable Version
    • [M] Cross-site Scripting (XSS)

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of the browse page in the web console, where message IDs are displayed without proper sanitization. An attacker can execute arbitrary HTML or JavaScript code in the browser of an administrator by sending a crafted JMS message ID containing malicious payloads.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [H] Improper Authorization

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Improper Authorization due to improper access control in the Web Console process. An attacker can gain unauthorized administrative privileges by accessing /admin/* paths after authenticating as a low-privilege user.

    How to fix Improper Authorization?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [M] Incorrect Calculation of Buffer Size

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can exhaust system resources or force abnormal connection closure by continuously streaming body bytes, causing the per-connection command buffer to exceed configured limits or triggering transport exception handling.

    How to fix Incorrect Calculation of Buffer Size?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [M] External Control of System or Configuration Setting

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the LdapNetworkConnector process. An attacker can instantiate unauthorized transports and trigger the creation of an additional broker service within the same JVM by publishing or modifying LDAP entries that match the configured searchBase and searchFilter.

    How to fix External Control of System or Configuration Setting?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [H] Memory Allocation with Excessive Size Value

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the WireFormatInfo negotiation process. An attacker can cause the broker to allocate excessive memory and crash by sending a specially crafted frame with a large size value during pre-authentication negotiation.

    How to fix Memory Allocation with Excessive Size Value?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [H] Memory Allocation with Excessive Size Value

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the unmarshalling process of OpenWire message property maps without proper size validation. An attacker can exhaust system memory and cause a broker crash by sending a crafted message with a large encoded size value.

    How to fix Memory Allocation with Excessive Size Value?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [M] Missing Authorization

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Missing Authorization in the process that manages temporary destinations. An attacker can gain unauthorized access to consume messages from another user's temporary destination by establishing a separate connection and bypassing client-side isolation checks.

    How to fix Missing Authorization?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)
    • [H] Allocation of Resources Without Limits or Throttling

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInfo commands without a corresponding ConnectionInfo, ultimately causing the broker to crash.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [5.19.7,5.19.8), [6.2.6,6.2.7)
    • [H] Memory Allocation with Excessive Size Value

    org.apache.activemq:apache-activemq is a message broker and client implementation.

    Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the STOMP NIO codec process. An attacker can cause the broker to buffer unbounded header data, leading to exhaustion of the JVM heap, by sending header bytes that never terminate over a STOMP NIO connection.

    How to fix Memory Allocation with Excessive Size Value?

    Upgrade org.apache.activemq:apache-activemq to version 5.19.8, 6.2.7 or higher.

    Vulnerable versions: [,5.19.8), [6.0.0,6.2.7)