Posted to commits@activemq.apache.org by jb...@apache.org on 2022/06/08 16:03:15 UTC

[activemq-website] 01/02: Update for CVE-2022-23913

This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git

commit 34e3729e9c76eff033865acddeb03975e4057a0e
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Thu Feb 3 14:10:41 2022 -0600

    Update for CVE-2022-23913
---
 src/components/artemis/security.md                    |  1 +
 .../CVE-2022-23913-announcement.txt                   | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/components/artemis/security.md b/src/components/artemis/security.md
index 468d52a2f..41d704e87 100644
--- a/src/components/artemis/security.md
+++ b/src/components/artemis/security.md
@@ -9,6 +9,7 @@ Details of security problems fixed in released versions of Apache ActiveMQ Artem
 
 See the main [Security Advisories](../../security-advisories) page for details for other components and general information such as reporting new security issues.
 
+*   [CVE-2022-23913](../../security-advisories.data/CVE-2022-23913-announcement.txt) - Apache ActiveMQ Artemis DoS
 *   [CVE-2021-26117](../../security-advisories.data/CVE-2021-26117-announcement.txt) - ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind 
 *   [CVE-2021-26118](../../security-advisories.data/CVE-2021-26118-announcement.txt) - Flaw in ActiveMQ Artemis OpenWire support  
 *   [CVE-2020-13932](../../security-advisories.data/CVE-2020-13932-announcement.txt) - Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin 
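Review bot: The link text on the added CVE-2022-23913 line, "Apache ActiveMQ Artemis DoS", is less informative than the neighbouring entries, which name the flawed feature or behaviour. The announcement file added in this same commit describes the issue as "uncontrolled resource consumption of memory", so a title along the lines of "Apache ActiveMQ Artemis: DoS through uncontrolled memory consumption" would let readers triage from the index without opening the advisory. Placement at the top of the list is consistent with the newest-first ordering of the entries below it.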
diff --git a/src/security-advisories.data/CVE-2022-23913-announcement.txt b/src/security-advisories.data/CVE-2022-23913-announcement.txt
new file mode 100644
index 000000000..9ef157698
--- /dev/null
+++ b/src/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -0,0 +1,19 @@
+Apache ActiveMQ Artemis DoS (CVE-2022-23913)
+PRODUCT AFFECTED:
+This issue affects Apache ActiveMQ Artemis.
+
+PROBLEM:
+In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
+
+This issue has been assigned CVE-2022-23913.
+
+This issue is being tracked as https://issues.apache.org/jira/browse/ARTEMIS-3593.
+
+WORKAROUND:
+Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using Java 8).
+
+MODIFICATION HISTORY:
+: Initial Publication.
+RELATED LINKS:
+CVE-2022-23913 at cve.mitre.org
+
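Review bot: The affected-version statement in PROBLEM, "prior to 2.20.0 or 2.19.1", is ambiguous for anyone on the 2.19.x line; it should spell out the affected range per branch so it matches the two fixed versions named under WORKAROUND. That section also describes an upgrade rather than a workaround: either retitle it as the fix or state explicitly whether any configuration-level mitigation exists for users who cannot upgrade yet. Under MODIFICATION HISTORY, the line ": Initial Publication." has an empty field before the colon where a date would be expected, and the "CVE-2022-23913 at cve.mitre.org" entry under RELATED LINKS carries no URL, unlike the JIRA reference above it. A blank line before "RELATED LINKS:" would match the spacing used between the other sections.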