GHSA-8rcq-p4gh-vmj8

Source

https://github.com/advisories/GHSA-8rcq-p4gh-vmj8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8rcq-p4gh-vmj8/GHSA-8rcq-p4gh-vmj8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8rcq-p4gh-vmj8

Aliases

CVE-2016-0782

Published

2022-05-14T01:14:51Z

Modified

2024-03-14T22:46:12.526712Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

Details

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "github_reviewed_at": "2022-07-06T20:05:48Z",
    "nvd_published_at": "2016-08-05T15:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven

org.apache.activemq:activemq-client

Package

Name: org.apache.activemq:activemq-client; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Fixed

5.11.4

Affected versions

5.*

5.8.0

5.9.0

5.9.1

5.10.0

5.10.1

5.10.2

5.11.0

5.11.1

5.11.2

5.11.3

Database specific

last_known_affected_version_range

"<= 5.11.3"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8rcq-p4gh-vmj8/GHSA-8rcq-p4gh-vmj8.json"

org.apache.activemq:activemq-client

Package

Name: org.apache.activemq:activemq-client; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.12.0

Fixed

5.12.3

Affected versions

5.*

5.12.0

5.12.1

5.12.2

Database specific

last_known_affected_version_range

"<= 5.12.2"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8rcq-p4gh-vmj8/GHSA-8rcq-p4gh-vmj8.json"

org.apache.activemq:activemq-client

Package

Name: org.apache.activemq:activemq-client; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.13.0

Fixed

5.13.2

Affected versions

5.*

5.13.0

5.13.1

Database specific

last_known_affected_version_range

"<= 5.13.1"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8rcq-p4gh-vmj8/GHSA-8rcq-p4gh-vmj8.json"