Source: grave
X-Debbugs-CC: t...@security.debian.org
Severity: activemq
Tags: security

Hi,

The following vulnerability was published for grave.

CVE-2023-46604[0]:
| Apache ActiveMQ is vulnerable to Remote Code Execution. The
| vulnerability may allow a remote attacker with network access to a
| broker to run arbitrary shell commands by manipulating serialized
| class types in the OpenWire protocol to cause the broker to
| instantiate any class on the classpath. Users are recommended to
| upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes
| this issue.

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
http://www.openwall.com/lists/oss-security/2023/10/27/5

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46604
    https://www.cve.org/CVERecord?id=CVE-2023-46604

Please adjust the affected versions in the BTS as needed.