This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 2bae4e785 Automatic Site Publish by Buildbot
2bae4e785 is described below
commit 2bae4e78532bbba0dfcb9ffde2018d78004612eb
Author: buildbot <[email protected]>
AuthorDate: Wed Aug 17 20:53:45 2022 +0000
Automatic Site Publish by Buildbot
---
.../CVE-2022-23913-announcement.txt | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/output/security-advisories.data/CVE-2022-23913-announcement.txt
b/output/security-advisories.data/CVE-2022-23913-announcement.txt
index ce1610f91..e422a741b 100644
--- a/output/security-advisories.data/CVE-2022-23913-announcement.txt
+++ b/output/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -1,20 +1,18 @@
-HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
+Apache ActiveMQ Artemis DoS (CVE-2022-23913)
PRODUCT AFFECTED:
This issue affects Apache ActiveMQ Artemis.
PROBLEM:
-An attacker could show malicious content and/or redirect users to a malicious
URL in the web console by using HTML in the name of an address or queue.
+In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could
partially disrupt availability (DoS) through uncontrolled resource consumption
of memory.
-WORKAROUND:
-
-Upgrade to Apache ActiveMQ Artemis 2.24.0.
+This issue has been assigned CVE-2022-23913.
-Credit:
+This issue is being tracked as
https://issues.apache.org/jira/browse/ARTEMIS-3593.
-Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar
Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this
issue.
+WORKAROUND:
+Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using
Java 8).
MODIFICATION HISTORY:
: Initial Publication.
RELATED LINKS:
-CVE-2022-35278 at cve.mitre.org
-
+CVE-2022-23913 at cve.mitre.org
