Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xOWhyLTNwZzQtM2pwNM4AAQzM

Critical EPSS: 0.77148% (0.98914 Percentile) EPSS:
Permalink JSON

Improper Input Validation in Apache ActiveMQ

Affected Packages Affected Versions Fixed Versions
maven:org.apache.activemq:activemq-client >= 5.12.0, < 5.12.2, >= 5.0.0, < 5.11.3 5.12.2, 5.11.3
410 Dependent packages
6,414 Dependent repositories

Affected Version Ranges

All affected versions

5.8.0, 5.9.0, 5.9.1, 5.10.0, 5.10.1, 5.10.2, 5.11.0, 5.11.1, 5.11.2, 5.12.0, 5.12.1

All unaffected versions

5.11.3, 5.11.4, 5.12.2, 5.12.3, 5.13.0, 5.13.1, 5.13.2, 5.13.3, 5.13.4, 5.13.5, 5.14.0, 5.14.1, 5.14.2, 5.14.3, 5.14.4, 5.14.5, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.16.4, 5.16.5, 5.16.6, 5.16.7, 5.16.8, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.17.7, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 5.18.5, 5.18.6, 5.18.7, 5.19.0, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

References:

Identifiers

GHSA-q9hr-3pg4-3jp4

CVE-2015-5254

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.77148

EPSS Percentile: 0.98914

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/activemq

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON