This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 63d2f636f NO-JIRA update for CVE-2022-35278
63d2f636f is described below

commit 63d2f636f88bb0cd6351bd13d42140f330e20c6b
Author: Justin Bertram <[email protected]>
AuthorDate: Wed Aug 17 15:47:35 2022 -0500

    NO-JIRA update for CVE-2022-35278
---
 .../CVE-2022-23913-announcement.txt                       | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/security-advisories.data/CVE-2022-23913-announcement.txt 
b/src/security-advisories.data/CVE-2022-23913-announcement.txt
index 9ef157698..ce1610f91 100644
--- a/src/security-advisories.data/CVE-2022-23913-announcement.txt
+++ b/src/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -1,19 +1,20 @@
-Apache ActiveMQ Artemis DoS (CVE-2022-23913)
+HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
 PRODUCT AFFECTED:
 This issue affects Apache ActiveMQ Artemis.
 
 PROBLEM:
-In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could 
partially disrupt availability (DoS) through uncontrolled resource consumption 
of memory.
+An attacker could show malicious content and/or redirect users to a malicious 
URL in the web console by using HTML in the name of an address or queue.
 
-This issue has been assigned CVE-2022-23913.
+WORKAROUND:
 
-This issue is being tracked as 
https://issues.apache.org/jira/browse/ARTEMIS-3593.
+Upgrade to Apache ActiveMQ Artemis 2.24.0.
 
-WORKAROUND:
-Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using 
Java 8).
+Credit:
+
+Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar 
Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this 
issue.
 
 MODIFICATION HISTORY:
 : Initial Publication.
 RELATED LINKS:
-CVE-2022-23913 at cve.mitre.org
+CVE-2022-35278 at cve.mitre.org
 
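Review bot: The title, PROBLEM and RELATED LINKS lines are rewritten for CVE-2022-35278 inside src/security-advisories.data/CVE-2022-23913-announcement.txt, so the file name no longer matches the advisory it holds and the CVE-2022-23913 text, including the ARTEMIS-3593 link, is removed from it. If this is meant as a new advisory, add it as its own file named for CVE-2022-35278 and leave the CVE-2022-23913 announcement unchanged. The new PROBLEM paragraph also states no affected version range, where the old one said "prior to 2.20.0 or 2.19.1"; the only version left is the 2.24.0 under WORKAROUND, so consider naming the affected releases explicitly so readers can tell whether they are exposed.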
