org.apache.activemq:artemis-core-client@1.5.4 vulnerabilities

latest version

2.33.0
latest non vulnerable version

2.33.0
first published

9 years ago
latest version published

2 months ago
licenses detected
- Apache-2.0
  [1.0.0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.activemq:artemis-core-client package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Denial of Service (DoS) org.apache.activemq:artemis-core-client is a High-performance, non-blocking architecture for the next generation of event-driven messaging applications. Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted message sent to a Java process running an Artemis Broker. This can result in an Out-Of-Memory crash. ###PoC `cat /path/to/dospayload.binary > /dev/tcp/<broker_address>/<broker_port>` NOTE: This vulnerability has also been identified as: CVE-2021-4040 How to fix Denial of Service (DoS)? Upgrade `org.apache.activemq:artemis-core-client` to version 2.19.1 or higher.	[,2.19.1)
M Denial of Service (DoS) org.apache.activemq:artemis-core-client is a High-performance, non-blocking architecture for the next generation of event-driven messaging applications. Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted message sent to a Java process running an Artemis Broker. This can result in an Out-Of-Memory crash. ###PoC `cat /path/to/dospayload.binary > /dev/tcp/<broker_address>/<broker_port>` NOTE: This vulnerability has also been identified as: CVE-2022-23913 How to fix Denial of Service (DoS)? Upgrade `org.apache.activemq:artemis-core-client` to version 2.19.1 or higher.	[,2.19.1)
H Denial of Service (DoS) org.apache.activemq:artemis-core-client is a High-performance, non-blocking architecture for the next generation of event-driven messaging applications. Affected versions of this package are vulnerable to Denial of Service (DoS). If an Apache Artemis broker is configured with discovery enabled (either UDP or JGroups), on receiving of a packet over a discovery endpoint, Apache Artemis will attempt to decode the packet and as part of it an encoded simple string. The first four bytes of the encoded simple string represent it's length. During the decoding process Apache Artemis will create a byte array of the same length. It is possible therefore to send a manipulated packet to Apache Artemis with a very large integer in the first four bytes of the simple string encoding. Upon receiving the packet the broker will attempt to allocate a byte array of this large size. This could result in heap memory exhaustion, full GC or in the worst case an unrecoverable OutOfMemoryError, resulting in loss of service. How to fix Denial of Service (DoS)? Upgrade `org.apache.activemq:artemis-core-client` to version 2.4.0, 1.5.6 or higher.	[2.0.0,2.4.0) [1.0.0,1.5.6)

Go back to all versions of this package

org.apache.activemq:artemis-core-client@1.5.4 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities