org.apache.activemq:activemq-client 5.16.4

Direct Vulnerabilities

Known vulnerabilities in the org.apache.activemq:activemq-client package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Memory Allocation with Excessive Size Value org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value during the unmarshalling of OpenWire commands, where the size value of buffers is not properly validated. An attacker can deplete process memory and cause service disruptions by sending crafted messages. How to fix Memory Allocation with Excessive Size Value? Upgrade `org.apache.activemq:activemq-client` to version 5.16.8, 5.17.7, 5.18.7, 6.1.6 or higher.	[,5.16.8)[5.17.0,5.17.7)[5.18.0,5.18.7)[6.0.0,6.1.6)
C Deserialization of Untrusted Data org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `OpenWire` protocol. An attacker with network access to a broker or client can run arbitrary shell commands by manipulating serialized class types, causing the affected broker or client to instantiate any class on the classpath. How to fix Deserialization of Untrusted Data? Upgrade `org.apache.activemq:activemq-client` to version 5.15.16, 5.16.7, 5.17.6, 5.18.3 or higher.	[,5.15.16)[5.16.0,5.16.7)[5.17.0,5.17.6)[5.18.0,5.18.3)

Vulnerability

Vulnerable Version

Memory Allocation with Excessive Size Value

org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation.

Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value during the unmarshalling of OpenWire commands, where the size value of buffers is not properly validated. An attacker can deplete process memory and cause service disruptions by sending crafted messages.

How to fix Memory Allocation with Excessive Size Value?

Upgrade org.apache.activemq:activemq-client to version 5.16.8, 5.17.7, 5.18.7, 6.1.6 or higher.

[,5.16.8)[5.17.0,5.17.7)[5.18.0,5.18.7)[6.0.0,6.1.6)

Deserialization of Untrusted Data

org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the OpenWire protocol. An attacker with network access to a broker or client can run arbitrary shell commands by manipulating serialized class types, causing the affected broker or client to instantiate any class on the classpath.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.activemq:activemq-client to version 5.15.16, 5.16.7, 5.17.6, 5.18.3 or higher.

[,5.15.16)[5.16.0,5.16.7)[5.17.0,5.17.6)[5.18.0,5.18.3)

org.apache.activemq:activemq-client@5.16.4

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically