This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push: new 026438164 Automatic Site Publish by Buildbot 026438164 is described below commit 0264381644c78ea82199a47f4e9da48b9eae6328 Author: buildbot <us...@infra.apache.org> AuthorDate: Sat Nov 11 05:14:22 2023 +0000 Automatic Site Publish by Buildbot --- output/security-advisories.data/CVE-2023-46604-announcement.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/output/security-advisories.data/CVE-2023-46604-announcement.txt b/output/security-advisories.data/CVE-2023-46604-announcement.txt index 97f4b80aa..b5157f8bc 100644 --- a/output/security-advisories.data/CVE-2023-46604-announcement.txt +++ b/output/security-advisories.data/CVE-2023-46604-announcement.txt @@ -11,9 +11,9 @@ Affected versions: Description: -Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. +The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. -Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue. +Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue. This issue is being tracked as AMQ-9370