org.apache.activemq:artemis-openwire-protocol 2.9.0

Direct Vulnerabilities

Known vulnerabilities in the org.apache.activemq:artemis-openwire-protocol package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Incorrect Authorization org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the `createDurableQueue` permission but without the `createAddress` permission attempts to create a non-durable JMS topic subscription on a non-existent address while address auto-creation is disabled. An attacker can create unauthorized temporary addresses by exploiting permission misconfiguration. Note: If the package is on the `org.apache.activemq` groupId, it is recommended to update to the `org.apache.artemis` groupId in the build file. How to fix Incorrect Authorization? Upgrade `org.apache.activemq:artemis-openwire-protocol` to version 2.53.0 or higher.	[2.0.0,2.53.0)
M Access Control Bypass org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Access Control Bypass. It was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. How to fix Access Control Bypass? Upgrade `org.apache.activemq:artemis-openwire-protocol` to version 2.16.0 or higher.	[,2.16.0)

Vulnerability

Vulnerable Version

Incorrect Authorization

org.apache.activemq:artemis-openwire-protocol is a package for activemq.

Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent address while address auto-creation is disabled. An attacker can create unauthorized temporary addresses by exploiting permission misconfiguration.

Note:

If the package is on the org.apache.activemq groupId, it is recommended to update to the org.apache.artemis groupId in the build file.

How to fix Incorrect Authorization?

Upgrade org.apache.activemq:artemis-openwire-protocol to version 2.53.0 or higher.

[2.0.0,2.53.0)

Access Control Bypass

org.apache.activemq:artemis-openwire-protocol is a package for activemq.

Affected versions of this package are vulnerable to Access Control Bypass. It was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

How to fix Access Control Bypass?

Upgrade org.apache.activemq:artemis-openwire-protocol to version 2.16.0 or higher.

[,2.16.0)

org.apache.activemq:artemis-openwire-protocol@2.9.0

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically