You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@activemq.apache.org by jb...@apache.org on 2022/08/17 20:49:56 UTC

[activemq-website] branch main updated: NO-JIRA revert previous change

This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 9d7cd28d7 NO-JIRA revert previous change
9d7cd28d7 is described below

commit 9d7cd28d78652c40a1075ae4369e54c106d8b4e3
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Wed Aug 17 15:49:53 2022 -0500

    NO-JIRA revert previous change
---
 .../CVE-2022-23913-announcement.txt                      | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/security-advisories.data/CVE-2022-23913-announcement.txt b/src/security-advisories.data/CVE-2022-23913-announcement.txt
index ce1610f91..e422a741b 100644
--- a/src/security-advisories.data/CVE-2022-23913-announcement.txt
+++ b/src/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -1,20 +1,18 @@
-HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
+Apache ActiveMQ Artemis DoS (CVE-2022-23913)
 PRODUCT AFFECTED:
 This issue affects Apache ActiveMQ Artemis.
 
 PROBLEM:
-An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
+In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
 
-WORKAROUND:
-
-Upgrade to Apache ActiveMQ Artemis 2.24.0.
+This issue has been assigned CVE-2022-23913.
 
-Credit:
+This issue is being tracked as https://issues.apache.org/jira/browse/ARTEMIS-3593.
 
-Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.
+WORKAROUND:
+Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using Java 8).
 
 MODIFICATION HISTORY:
 : Initial Publication.
 RELATED LINKS:
-CVE-2022-35278 at cve.mitre.org
-
+CVE-2022-23913 at cve.mitre.org