Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2017-15686 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2022-31160 Vulnerability in npm package jquery-ui
CVE-2023-37912 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-macro-footnotes
CVE-2022-31172 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2022-37767 Vulnerability in maven package io.pebbletemplates:pebble