Skip to main content

Apache ActiveMQ 5.16.7

Common Vulnerabilities & Exposures (CVE)

Get Support

CVE Affecting Apache ActiveMQ 5.16.7

CVE
Severity
Description
Category
CVE-2023-20863
2022-11-01
7.5
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
dataoperational
CWE-400
Details
CVE-2023-20861
2022-11-01
5.3
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
dataoperational
Denial-of-service vulnerability
Details
CVE-2022-22971
2022-01-10
6.5
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
data
CWE-770:
Details
CVE-2022-22968
2022-01-10
3.7
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
data
Data Binding Rules Vulnerability
Details
CVE-2022-22950
2022-01-10
5.3
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
data
CWE-770:
Details
CVE-2022-22965
2022-01-10
9.8
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
data
CWE-94:
Details
CVE-2020-11971
2020-04-21
7.5
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
data
Rebind Flaw
Details
Scanned for Vulnerabilities lately?   

Contact us & see how we can help. 

* These fields are required.