Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2022-3224 Vulnerability in maven package org.webjars.npm:parse-url
CVE-2022-32210 Vulnerability in maven package org.webjars.npm:undici
CVE-2023-0044 Vulnerability in maven package io.quarkus:quarkus-security-webauthn
CVE-2017-2606 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-33987 Vulnerability in maven package org.webjars.npm:got