You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2022/08/17 20:49:56 UTC
[activemq-website] branch main updated: NO-JIRA revert previous change
This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/main by this push:
new 9d7cd28d7 NO-JIRA revert previous change
9d7cd28d7 is described below
commit 9d7cd28d78652c40a1075ae4369e54c106d8b4e3
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Wed Aug 17 15:49:53 2022 -0500
NO-JIRA revert previous change
---
.../CVE-2022-23913-announcement.txt | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/security-advisories.data/CVE-2022-23913-announcement.txt b/src/security-advisories.data/CVE-2022-23913-announcement.txt
index ce1610f91..e422a741b 100644
--- a/src/security-advisories.data/CVE-2022-23913-announcement.txt
+++ b/src/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -1,20 +1,18 @@
-HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
+Apache ActiveMQ Artemis DoS (CVE-2022-23913)
PRODUCT AFFECTED:
This issue affects Apache ActiveMQ Artemis.
PROBLEM:
-An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
+In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
-WORKAROUND:
-
-Upgrade to Apache ActiveMQ Artemis 2.24.0.
+This issue has been assigned CVE-2022-23913.
-Credit:
+This issue is being tracked as https://issues.apache.org/jira/browse/ARTEMIS-3593.
-Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.
+WORKAROUND:
+Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using Java 8).
MODIFICATION HISTORY:
: Initial Publication.
RELATED LINKS:
-CVE-2022-35278 at cve.mitre.org
-
+CVE-2022-23913 at cve.mitre.org