Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2022-25940 Vulnerability in maven package org.webjars.npm:lite-server
CVE-2023-42399 Vulnerability in maven package org.webjars.npm:jodit
CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search