Search for packages
| purl | pkg:maven/org.apache.activemq/activemq-all@5.14.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-37ws-cqf7-4udm
Aliases: CVE-2020-13947 GHSA-66gw-ch5v-74v8 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-5kmj-whmc-4bfa
Aliases: CVE-2017-15709 GHSA-7qm4-p377-fr2r |
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. |
Affected by 6 other vulnerabilities. |
|
VCID-9z4y-wq57-vyaf
Aliases: CVE-2019-0222 GHSA-jpv3-g4cc-6vfx |
Code Injection In Apache ActiveMQ, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. |
Affected by 4 other vulnerabilities. |
|
VCID-f5x2-zvxa-yba5
Aliases: CVE-2023-46604 GHSA-crg9-44h2-xw35 |
False positive This advisory has been marked as a false positive. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fb7w-5fvt-zqe3
Aliases: CVE-2018-8006 GHSA-hvwm-2624-rp9x |
Cross-site Scripting An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `queue.jsp` page of Apache ActiveMQ. |
Affected by 5 other vulnerabilities. |
|
VCID-k4jb-36cp-1fc4
Aliases: CVE-2022-41678 GHSA-53v4-42fg-g287 |
False positive This advisory has been marked as a false positive. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||