This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 49915a833 Automatic Site Publish by Buildbot
49915a833 is described below
commit 49915a833506e62bd246cb09d09fcdd107062dd9
Author: buildbot <[email protected]>
AuthorDate: Wed Aug 17 20:49:36 2022 +0000
Automatic Site Publish by Buildbot
---
.../CVE-2022-23913-announcement.txt | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/output/security-advisories.data/CVE-2022-23913-announcement.txt
b/output/security-advisories.data/CVE-2022-23913-announcement.txt
index 9ef157698..ce1610f91 100644
--- a/output/security-advisories.data/CVE-2022-23913-announcement.txt
+++ b/output/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -1,19 +1,20 @@
-Apache ActiveMQ Artemis DoS (CVE-2022-23913)
+HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
PRODUCT AFFECTED:
This issue affects Apache ActiveMQ Artemis.
PROBLEM:
-In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could
partially disrupt availability (DoS) through uncontrolled resource consumption
of memory.
+An attacker could show malicious content and/or redirect users to a malicious
URL in the web console by using HTML in the name of an address or queue.
-This issue has been assigned CVE-2022-23913.
+WORKAROUND:
-This issue is being tracked as
https://issues.apache.org/jira/browse/ARTEMIS-3593.
+Upgrade to Apache ActiveMQ Artemis 2.24.0.
-WORKAROUND:
-Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using
Java 8).
+Credit:
+
+Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar
Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this
issue.
MODIFICATION HISTORY:
: Initial Publication.
RELATED LINKS:
-CVE-2022-23913 at cve.mitre.org
+CVE-2022-35278 at cve.mitre.org
