This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/main by this push:
new fa62ca516 NO-JIRA update for CVE-2022-35278
fa62ca516 is described below
commit fa62ca5161ac34792e0f5789513bbad5afe74709
Author: Justin Bertram <[email protected]>
AuthorDate: Wed Aug 17 15:49:13 2022 -0500
NO-JIRA update for CVE-2022-35278
---
.../CVE-2022-35278-announcement.txt | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/security-advisories.data/CVE-2022-35278-announcement.txt
b/src/security-advisories.data/CVE-2022-35278-announcement.txt
new file mode 100644
index 000000000..1b0aa8bac
--- /dev/null
+++ b/src/security-advisories.data/CVE-2022-35278-announcement.txt
@@ -0,0 +1,19 @@
+HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
+PRODUCT AFFECTED:
+This issue affects Apache ActiveMQ Artemis.
+
+PROBLEM:
+An attacker could show malicious content and/or redirect users to a malicious
URL in the web console by using HTML in the name of an address or queue.
+
+WORKAROUND:
+
+Upgrade to Apache ActiveMQ Artemis 2.24.0.
+
+Credit:
+
+Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar
Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this
issue.
+
+MODIFICATION HISTORY:
+: Initial Publication.
+RELATED LINKS:
+CVE-2022-35278 at cve.mitre.org
