org.apache.activemq:apollo-selector@1.2 vulnerabilities
-
latest version
1.7.1
-
latest non vulnerable version
-
first published
13 years ago
-
latest version published
9 years ago
-
licenses detected
- [1.0-beta1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.activemq:apollo-selector package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.activemq:apollo-selector is a messaging and Integration Patterns server. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It is possible for a consumer dequeuing XML message(s) to specify an XPath based selector thus causing the broker to evaluate the expression and attempt to match it against the messages in the queue while also performing an XML external entity resolution. How to fix XML External Entity (XXE) Injection? Upgrade |
[1.0,1.7.1)
|