This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 026438164 Automatic Site Publish by Buildbot
026438164 is described below
commit 0264381644c78ea82199a47f4e9da48b9eae6328
Author: buildbot <us...@infra.apache.org>
AuthorDate: Sat Nov 11 05:14:22 2023 +0000
Automatic Site Publish by Buildbot
---
output/security-advisories.data/CVE-2023-46604-announcement.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/output/security-advisories.data/CVE-2023-46604-announcement.txt
b/output/security-advisories.data/CVE-2023-46604-announcement.txt
index 97f4b80aa..b5157f8bc 100644
--- a/output/security-advisories.data/CVE-2023-46604-announcement.txt
+++ b/output/security-advisories.data/CVE-2023-46604-announcement.txt
@@ -11,9 +11,9 @@ Affected versions:
Description:
-Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may
allow a remote attacker with network access to a broker to run arbitrary shell
commands by manipulating serialized class types in the OpenWire protocol to
cause the broker to instantiate any class on the classpath.
+The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
This vulnerability may allow a remote attacker with network access to either a
Java-based OpenWire broker or client to run arbitrary shell commands by
manipulating serialized class types in the OpenWire protocol to cause either
the client or the broker (respectively) to instantiate any class on the
classpath.
-Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or
5.18.3, which fixes this issue.
+Users are recommended to upgrade both brokers and clients to version 5.15.16,
5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
This issue is being tracked as AMQ-9370
