Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.activemq/activemq-all@5.11.4
Typemaven
Namespaceorg.apache.activemq
Nameactivemq-all
Version5.11.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.19.6
Latest_non_vulnerable_version6.2.5
Affected_by_vulnerabilities
0
url VCID-3a83-kwkc-13dq
vulnerability_id VCID-3a83-kwkc-13dq
summary 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web.

An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field.

This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5.

Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41043.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41043.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41043
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47653
published_at 2026-06-11T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.47793
published_at 2026-06-12T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.47809
published_at 2026-06-13T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.4779
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41043
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41043
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41043
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41043
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/23/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/23/5
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id 1136024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461407
reference_id 2461407
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461407
8
reference_url https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt
reference_id CVE-2026-41043-announcement.txt
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:05:08Z/
url https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt
9
reference_url https://github.com/advisories/GHSA-2jp3-2923-9h52
reference_id GHSA-2jp3-2923-9h52
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2jp3-2923-9h52
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.19.6
purl pkg:maven/org.apache.activemq/activemq-all@5.19.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.19.6
1
url pkg:maven/org.apache.activemq/activemq-all@6.2.5
purl pkg:maven/org.apache.activemq/activemq-all@6.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@6.2.5
aliases CVE-2026-41043, GHSA-2jp3-2923-9h52
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3a83-kwkc-13dq
1
url VCID-92hs-e8rr-yke5
vulnerability_id VCID-92hs-e8rr-yke5
summary 
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ.

ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes the broker to exhaust all its memory in the SSL engine leading to DoS.

Note: TLS versions before TLSv1.3 (such as TLSv1.2) are broken but are not vulnerable to OOM. Previous TLS versions require a full handshake renegotiation which causes a connection to hang but not OOM. This is fixed as well.
This issue affects Apache ActiveMQ Client: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.4.

Users are recommended to upgrade to version 6.2.4 or 5.19.5, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39304.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39304
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17908
published_at 2026-06-11T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.18067
published_at 2026-06-12T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.18083
published_at 2026-06-13T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.18059
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39304
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39304
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/17
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id 1136024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457275
reference_id 2457275
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457275
8
reference_url https://activemq.apache.org/security-advisories.data/CVE-2026-39304-announcement.txt
reference_id CVE-2026-39304-announcement.txt
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:10:10Z/
url https://activemq.apache.org/security-advisories.data/CVE-2026-39304-announcement.txt
9
reference_url https://github.com/advisories/GHSA-5568-6qcg-g7fx
reference_id GHSA-5568-6qcg-g7fx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5568-6qcg-g7fx
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.19.4
purl pkg:maven/org.apache.activemq/activemq-all@5.19.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-g15d-he3d-myaf
2
vulnerability VCID-nv1w-jgty-yyfk
3
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.19.4
1
url pkg:maven/org.apache.activemq/activemq-all@6.2.4
purl pkg:maven/org.apache.activemq/activemq-all@6.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-nv1w-jgty-yyfk
2
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@6.2.4
aliases CVE-2026-39304, GHSA-5568-6qcg-g7fx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92hs-e8rr-yke5
2
url VCID-dmft-spq5-8khy
vulnerability_id VCID-dmft-spq5-8khy
summary 
Improper validation and restriction of a classpath path name vulnerability in 

 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ.



In two instances (when creating a Stomp consumer and also browsing messages in the Web console) an authenticated user provided "key" value could be constructed to traverse the classpath due to path concatenation. As a result, the application is exposed to a classpath path resource loading vulnerability that could potentially be chained together with another attack to lead to exploit.





This issue affects Apache ActiveMQ Client: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ Broker: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ All: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ Web: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ: before 5.19.3, from 6.0.0 before 6.2.2.

Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue. Note: 5.19.3 and 6.2.2 also fix this issue, but that is limited to non-Windows environments due to a path separator resolution bug fixed in 5.19.4 and 6.2.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33227.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33227.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33227
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.23073
published_at 2026-06-11T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23268
published_at 2026-06-12T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.2328
published_at 2026-06-13T12:55:00Z
3
value 0.00089
scoring_system epss
scoring_elements 0.25628
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33227
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33227
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33227
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33227
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/06/4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/06/4
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id 1136024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455867
reference_id 2455867
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455867
8
reference_url https://activemq.apache.org/security-advisories.data/CVE-2026-33227-announcement.txt
reference_id CVE-2026-33227-announcement.txt
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:04:21Z/
url https://activemq.apache.org/security-advisories.data/CVE-2026-33227-announcement.txt
9
reference_url https://github.com/advisories/GHSA-h2h4-5m64-m273
reference_id GHSA-h2h4-5m64-m273
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h2h4-5m64-m273
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.19.3
purl pkg:maven/org.apache.activemq/activemq-all@5.19.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-g15d-he3d-myaf
3
vulnerability VCID-nv1w-jgty-yyfk
4
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.19.3
1
url pkg:maven/org.apache.activemq/activemq-all@6.2.2
purl pkg:maven/org.apache.activemq/activemq-all@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-8tf1-5wqk-a3gz
2
vulnerability VCID-92hs-e8rr-yke5
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@6.2.2
aliases CVE-2026-33227, GHSA-h2h4-5m64-m273
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dmft-spq5-8khy
3
url VCID-g15d-he3d-myaf
vulnerability_id VCID-g15d-he3d-myaf
summary 
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.

Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including
BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).

An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.
Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().



This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3.



Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34197.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34197.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34197
reference_id
reference_type
scores
0
value 0.83461
scoring_system epss
scoring_elements 0.99296
published_at 2026-06-11T12:55:00Z
1
value 0.83461
scoring_system epss
scoring_elements 0.99299
published_at 2026-06-13T12:55:00Z
2
value 0.84549
scoring_system epss
scoring_elements 0.99352
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34197
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34197
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/06/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/06/3
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id 1136024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455869
reference_id 2455869
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455869
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34197
reference_id CVE-2026-34197
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34197
9
reference_url https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
reference_id CVE-2026-34197-announcement.txt
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-04-17T03:55:13Z/
url https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
10
reference_url https://github.com/advisories/GHSA-rxpj-7qvf-xv32
reference_id GHSA-rxpj-7qvf-xv32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxpj-7qvf-xv32
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.19.5
purl pkg:maven/org.apache.activemq/activemq-all@5.19.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-nv1w-jgty-yyfk
2
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.19.5
1
url pkg:maven/org.apache.activemq/activemq-all@6.2.3
purl pkg:maven/org.apache.activemq/activemq-all@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-8tf1-5wqk-a3gz
2
vulnerability VCID-92hs-e8rr-yke5
3
vulnerability VCID-nv1w-jgty-yyfk
4
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@6.2.3
aliases CVE-2026-34197, GHSA-rxpj-7qvf-xv32
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g15d-he3d-myaf
4
url VCID-hnch-745k-6qhc
vulnerability_id VCID-hnch-745k-6qhc
summary Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0222.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0222.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0222
reference_id
reference_type
scores
0
value 0.08918
scoring_system epss
scoring_elements 0.92791
published_at 2026-06-14T12:55:00Z
1
value 0.08918
scoring_system epss
scoring_elements 0.92764
published_at 2026-06-11T12:55:00Z
2
value 0.08918
scoring_system epss
scoring_elements 0.92788
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0222
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://github.com/apache/activemq/commit/98b9f2e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/98b9f2e
5
reference_url https://github.com/apache/activemq/commit/f78c0962ffb46fae3397eed6b7ec1e6e15045031
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/f78c0962ffb46fae3397eed6b7ec1e6e15045031
6
reference_url https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E
16
reference_url https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html
17
reference_url https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
18
reference_url https://security.netapp.com/advisory/ntap-20190502-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190502-0006
19
reference_url https://web.archive.org/web/20190404065432/http://www.securityfocus.com/bid/107622
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190404065432/http://www.securityfocus.com/bid/107622
20
reference_url http://www.openwall.com/lists/oss-security/2019/03/27/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/03/27/2
21
reference_url http://www.securityfocus.com/bid/107622
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107622
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696012
reference_id 1696012
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696012
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964
reference_id 925964
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109
reference_id 988109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0222
reference_id CVE-2019-0222
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0222
26
reference_url http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
reference_id CVE-2019-0222-ANNOUNCEMENT.TXT
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
27
reference_url https://github.com/advisories/GHSA-jpv3-g4cc-6vfx
reference_id GHSA-jpv3-g4cc-6vfx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jpv3-g4cc-6vfx
28
reference_url https://access.redhat.com/errata/RHSA-2020:0922
reference_id RHSA-2020:0922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0922
29
reference_url https://access.redhat.com/errata/RHSA-2020:1445
reference_id RHSA-2020:1445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1445
30
reference_url https://usn.ubuntu.com/6685-1/
reference_id USN-6685-1
reference_type
scores
url https://usn.ubuntu.com/6685-1/
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.15.9
purl pkg:maven/org.apache.activemq/activemq-all@5.15.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-f538-7n42-ayd3
4
vulnerability VCID-g15d-he3d-myaf
5
vulnerability VCID-hvem-1k9z-zyae
6
vulnerability VCID-nv1w-jgty-yyfk
7
vulnerability VCID-umda-53ec-dkd7
8
vulnerability VCID-xuvk-6evd-hqht
9
vulnerability VCID-ymjy-67sf-hygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.15.9
aliases CVE-2019-0222, GHSA-jpv3-g4cc-6vfx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnch-745k-6qhc
5
url VCID-hvem-1k9z-zyae
vulnerability_id VCID-hvem-1k9z-zyae
summary An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13947
reference_id
reference_type
scores
0
value 0.04029
scoring_system epss
scoring_elements 0.88792
published_at 2026-06-13T12:55:00Z
1
value 0.04029
scoring_system epss
scoring_elements 0.88791
published_at 2026-06-14T12:55:00Z
2
value 0.04029
scoring_system epss
scoring_elements 0.88747
published_at 2026-06-11T12:55:00Z
3
value 0.04029
scoring_system epss
scoring_elements 0.88786
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13947
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
2
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
3
reference_url https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80
4
reference_url https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1
5
reference_url https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13947
reference_id CVE-2020-13947
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13947
9
reference_url http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
reference_id CVE-2020-13947-ANNOUNCEMENT.TXT
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
10
reference_url https://github.com/advisories/GHSA-66gw-ch5v-74v8
reference_id GHSA-66gw-ch5v-74v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66gw-ch5v-74v8
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.15.14
purl pkg:maven/org.apache.activemq/activemq-all@5.15.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
6
vulnerability VCID-xuvk-6evd-hqht
7
vulnerability VCID-ymjy-67sf-hygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.15.14
1
url pkg:maven/org.apache.activemq/activemq-all@5.16.1
purl pkg:maven/org.apache.activemq/activemq-all@5.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
6
vulnerability VCID-xuvk-6evd-hqht
7
vulnerability VCID-ymjy-67sf-hygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.16.1
aliases CVE-2020-13947, GHSA-66gw-ch5v-74v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvem-1k9z-zyae
6
url VCID-nv1w-jgty-yyfk
vulnerability_id VCID-nv1w-jgty-yyfk
summary 
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.



An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on the classpath.
A malicious HTTP endpoint can return a VM transport through the HTTP URI which will bypass the validation added in CVE-2026-34197. The attacker can then use the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.
Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().


This issue affects Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5.

Users are recommended to upgrade to version 5.19.6 or 6.2.5, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40466.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40466
reference_id
reference_type
scores
0
value 0.18014
scoring_system epss
scoring_elements 0.95334
published_at 2026-06-14T12:55:00Z
1
value 0.18014
scoring_system epss
scoring_elements 0.95312
published_at 2026-06-11T12:55:00Z
2
value 0.18014
scoring_system epss
scoring_elements 0.95327
published_at 2026-06-12T12:55:00Z
3
value 0.18014
scoring_system epss
scoring_elements 0.95333
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40466
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40466
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40466
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40466
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id 1136024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461410
reference_id 2461410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461410
7
reference_url https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
reference_id CVE-2026-34197-announcement.txt
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-27T13:37:05Z/
url https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
8
reference_url https://github.com/advisories/GHSA-w3w2-mpp5-92gm
reference_id GHSA-w3w2-mpp5-92gm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w3w2-mpp5-92gm
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.19.6
purl pkg:maven/org.apache.activemq/activemq-all@5.19.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.19.6
1
url pkg:maven/org.apache.activemq/activemq-all@6.2.5
purl pkg:maven/org.apache.activemq/activemq-all@6.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@6.2.5
aliases CVE-2026-40466, GHSA-w3w2-mpp5-92gm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nv1w-jgty-yyfk
7
url VCID-renc-pc19-k7e8
vulnerability_id VCID-renc-pc19-k7e8
summary Apache ActiveMQ web console vulnerable to Cross-site Scripting
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8006.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8006.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8006
reference_id
reference_type
scores
0
value 0.78609
scoring_system epss
scoring_elements 0.99065
published_at 2026-06-11T12:55:00Z
1
value 0.78609
scoring_system epss
scoring_elements 0.99069
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8006
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8006
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8006
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://github.com/apache/activemq/commit/2373aa1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/2373aa1
5
reference_url https://github.com/apache/activemq/commit/d8c80a98212ee5d73a281483a2f8b3f517465f62
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/d8c80a98212ee5d73a281483a2f8b3f517465f62
6
reference_url https://issues.apache.org/jira/browse/AMQ-6954
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AMQ-6954
7
reference_url https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E
15
reference_url https://web.archive.org/web/20200227115717/http://www.securityfocus.com/bid/105156
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227115717/http://www.securityfocus.com/bid/105156
16
reference_url http://www.securityfocus.com/bid/105156
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105156
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1622774
reference_id 1622774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1622774
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8006
reference_id CVE-2018-8006
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8006
19
reference_url http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt
reference_id CVE-2018-8006-ANNOUNCEMENT.TXT
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt
20
reference_url https://github.com/advisories/GHSA-hvwm-2624-rp9x
reference_id GHSA-hvwm-2624-rp9x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hvwm-2624-rp9x
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.15.6
purl pkg:maven/org.apache.activemq/activemq-all@5.15.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-f538-7n42-ayd3
4
vulnerability VCID-g15d-he3d-myaf
5
vulnerability VCID-hnch-745k-6qhc
6
vulnerability VCID-hvem-1k9z-zyae
7
vulnerability VCID-nv1w-jgty-yyfk
8
vulnerability VCID-umda-53ec-dkd7
9
vulnerability VCID-xuvk-6evd-hqht
10
vulnerability VCID-ymjy-67sf-hygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.15.6
aliases CVE-2018-8006, GHSA-hvwm-2624-rp9x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-renc-pc19-k7e8
8
url VCID-umda-53ec-dkd7
vulnerability_id VCID-umda-53ec-dkd7
summary 
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All.

An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML application.
The attacker can then use the DestinationView mbean to send a message to trigger a VM transport creation that will reference this malicious broker name which can lead to loading the malicious Spring XML context file.


Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().

This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5.

Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41044.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41044.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41044
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.22467
published_at 2026-06-14T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22281
published_at 2026-06-11T12:55:00Z
2
value 0.00073
scoring_system epss
scoring_elements 0.22475
published_at 2026-06-12T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.22487
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41044
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41044
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41044
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41044
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41044
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/23/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/23/6
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id 1136024
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461409
reference_id 2461409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461409
8
reference_url https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt
reference_id CVE-2026-41044-announcement.txt
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:22:17Z/
url https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt
9
reference_url https://github.com/advisories/GHSA-mr6m-xj7v-3cv3
reference_id GHSA-mr6m-xj7v-3cv3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr6m-xj7v-3cv3
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.19.6
purl pkg:maven/org.apache.activemq/activemq-all@5.19.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.19.6
1
url pkg:maven/org.apache.activemq/activemq-all@6.2.5
purl pkg:maven/org.apache.activemq/activemq-all@6.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@6.2.5
aliases CVE-2026-41044, GHSA-mr6m-xj7v-3cv3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umda-53ec-dkd7
9
url VCID-xuvk-6evd-hqht
vulnerability_id VCID-xuvk-6evd-hqht
summary Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json
1
reference_url https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41678
reference_id
reference_type
scores
0
value 0.93
scoring_system epss
scoring_elements 0.99789
published_at 2026-06-13T12:55:00Z
1
value 0.93
scoring_system epss
scoring_elements 0.9979
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41678
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
4
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
5
reference_url https://github.com/apache/activemq/commit/5c8d457d9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/5c8d457d9
6
reference_url https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2
7
reference_url https://github.com/apache/activemq/commit/bf65929fd
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/bf65929fd
8
reference_url https://github.com/apache/activemq/commit/d8ce1d9ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/d8ce1d9ff
9
reference_url https://github.com/apache/activemq/pull/958
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/pull/958
10
reference_url https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
11
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41678
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41678
13
reference_url https://security.netapp.com/advisory/ntap-20240216-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240216-0004
14
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/11/28/1
15
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/1
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252185
reference_id 2252185
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252185
17
reference_url https://github.com/advisories/GHSA-53v4-42fg-g287
reference_id GHSA-53v4-42fg-g287
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53v4-42fg-g287
18
reference_url https://access.redhat.com/errata/RHSA-2024:2944
reference_id RHSA-2024:2944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2944
19
reference_url https://access.redhat.com/errata/RHSA-2024:2945
reference_id RHSA-2024:2945
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2945
20
reference_url https://access.redhat.com/errata/RHSA-2024:3354
reference_id RHSA-2024:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3354
21
reference_url https://usn.ubuntu.com/6910-1/
reference_id USN-6910-1
reference_type
scores
url https://usn.ubuntu.com/6910-1/
22
reference_url https://usn.ubuntu.com/7268-1/
reference_id USN-7268-1
reference_type
scores
url https://usn.ubuntu.com/7268-1/
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.16.6
purl pkg:maven/org.apache.activemq/activemq-all@5.16.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
6
vulnerability VCID-ymjy-67sf-hygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.16.6
1
url pkg:maven/org.apache.activemq/activemq-all@5.17.4
purl pkg:maven/org.apache.activemq/activemq-all@5.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
6
vulnerability VCID-ymjy-67sf-hygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.17.4
aliases CVE-2022-41678, GHSA-53v4-42fg-g287
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xuvk-6evd-hqht
10
url VCID-ymjy-67sf-hygf
vulnerability_id VCID-ymjy-67sf-hygf
summary 
The Java OpenWire protocol marshaller is vulnerable to Remote Code 
Execution. This vulnerability may allow a remote attacker with network 
access to either a Java-based OpenWire broker or client to run arbitrary
 shell commands by manipulating serialized class types in the OpenWire 
protocol to cause either the client or the broker (respectively) to 
instantiate any class on the classpath.

Users are recommended to upgrade
 both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 
which fixes this issue.
references
0
reference_url http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json
2
reference_url https://activemq.apache.org/security-advisories.data/CVE-2023-46604
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://activemq.apache.org/security-advisories.data/CVE-2023-46604
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46604
reference_id
reference_type
scores
0
value 0.94436
scoring_system epss
scoring_elements 0.99988
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46604
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
5
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
6
reference_url https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc
7
reference_url https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d
8
reference_url https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f
9
reference_url https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436
10
reference_url https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0
11
reference_url https://github.com/apache/activemq/pull/1098
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/pull/1098
12
reference_url https://issues.apache.org/jira/browse/AMQ-9370
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AMQ-9370
13
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46604
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46604
15
reference_url https://security.netapp.com/advisory/ntap-20231110-0010
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231110-0010
16
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604
17
reference_url http://www.openwall.com/lists/oss-security/2023/10/27/5
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/27/5
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
reference_id 1054909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
19
reference_url http://seclists.org/fulldisclosure/2024/Apr/18
reference_id 18
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url http://seclists.org/fulldisclosure/2024/Apr/18
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246645
reference_id 2246645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246645
21
reference_url https://www.openwall.com/lists/oss-security/2023/10/27/5
reference_id 5
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://www.openwall.com/lists/oss-security/2023/10/27/5
22
reference_url https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
reference_id Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
23
reference_url https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
reference_id CVE-2023-46604-announcement.txt
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
24
reference_url https://github.com/advisories/GHSA-crg9-44h2-xw35
reference_id GHSA-crg9-44h2-xw35
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crg9-44h2-xw35
25
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
reference_id msg00013.html
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
26
reference_url https://security.netapp.com/advisory/ntap-20231110-0010/
reference_id ntap-20231110-0010
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://security.netapp.com/advisory/ntap-20231110-0010/
27
reference_url https://access.redhat.com/errata/RHSA-2023:6849
reference_id RHSA-2023:6849
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6849
28
reference_url https://access.redhat.com/errata/RHSA-2023:6866
reference_id RHSA-2023:6866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6866
29
reference_url https://access.redhat.com/errata/RHSA-2023:6877
reference_id RHSA-2023:6877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6877
30
reference_url https://access.redhat.com/errata/RHSA-2023:6878
reference_id RHSA-2023:6878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6878
31
reference_url https://access.redhat.com/errata/RHSA-2023:6879
reference_id RHSA-2023:6879
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6879
32
reference_url https://access.redhat.com/errata/RHSA-2023:7247
reference_id RHSA-2023:7247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7247
33
reference_url https://usn.ubuntu.com/6910-1/
reference_id USN-6910-1
reference_type
scores
url https://usn.ubuntu.com/6910-1/
34
reference_url https://usn.ubuntu.com/7268-1/
reference_id USN-7268-1
reference_type
scores
url https://usn.ubuntu.com/7268-1/
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-all@5.15.16
purl pkg:maven/org.apache.activemq/activemq-all@5.15.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
6
vulnerability VCID-xuvk-6evd-hqht
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.15.16
1
url pkg:maven/org.apache.activemq/activemq-all@5.16.7
purl pkg:maven/org.apache.activemq/activemq-all@5.16.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.16.7
2
url pkg:maven/org.apache.activemq/activemq-all@5.17.6
purl pkg:maven/org.apache.activemq/activemq-all@5.17.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.17.6
3
url pkg:maven/org.apache.activemq/activemq-all@5.18.3
purl pkg:maven/org.apache.activemq/activemq-all@5.18.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3a83-kwkc-13dq
1
vulnerability VCID-92hs-e8rr-yke5
2
vulnerability VCID-dmft-spq5-8khy
3
vulnerability VCID-g15d-he3d-myaf
4
vulnerability VCID-nv1w-jgty-yyfk
5
vulnerability VCID-umda-53ec-dkd7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.18.3
aliases CVE-2023-46604, GHSA-crg9-44h2-xw35
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymjy-67sf-hygf
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-all@5.11.4