oss-sec mailing list archives

ARTEMIS-3593: CVE-2022-23913: Apache ActiveMQ Artemis DoS

From: Justin Bertram <jbertram () apache org>
Date: Thu, 3 Feb 2022 14:01:23 -0600

Description:

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could
partially disrupt availability (DoS) through uncontrolled resource
consumption of memory.

Mitigation:

Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using
Java 8).

References:

https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2

Current thread:

ARTEMIS-3593: CVE-2022-23913: Apache ActiveMQ Artemis DoS Justin Bertram (Feb 03)