GHSA-x6rc-54xp-ccxx

Source

https://github.com/advisories/GHSA-x6rc-54xp-ccxx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x6rc-54xp-ccxx/GHSA-x6rc-54xp-ccxx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x6rc-54xp-ccxx

Aliases

CVE-2015-3208

Published

2022-05-14T02:21:03Z

Modified

2023-11-08T03:57:53.332382Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Restriction of XML External Entity Reference in Apache ActiveMQ

Details

XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors.

Database specific

{
    "nvd_published_at": "2017-07-25T18:29:00Z",
    "github_reviewed_at": "2022-07-06T20:17:45Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ]
}

References

Affected packages

Maven / org.apache.activemq:activemq-client

Package

Name: org.apache.activemq:activemq-client; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.23.1

Database specific

{
    "last_known_affected_version_range": "<= 2.23.0"
}