This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 2662db622 Automatic Site Publish by Buildbot
2662db622 is described below
commit 2662db622e0f7e91892b26174214ffe3c7456dc2
Author: buildbot <[email protected]>
AuthorDate: Fri Oct 27 14:51:29 2023 +0000
Automatic Site Publish by Buildbot
---
.../CVE-2023-46604-announcement.txt | 25 ++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/output/security-advisories.data/CVE-2023-46604-announcement.txt
b/output/security-advisories.data/CVE-2023-46604-announcement.txt
new file mode 100644
index 000000000..97f4b80aa
--- /dev/null
+++ b/output/security-advisories.data/CVE-2023-46604-announcement.txt
@@ -0,0 +1,25 @@
+Affected versions:
+
+- Apache ActiveMQ 5.18.0 before 5.18.3
+- Apache ActiveMQ 5.17.0 before 5.17.6
+- Apache ActiveMQ 5.16.0 before 5.16.7
+- Apache ActiveMQ before 5.15.16
+- Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
+- Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
+- Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
+- Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
+
+Description:
+
+Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may
allow a remote attacker with network access to a broker to run arbitrary shell
commands by manipulating serialized class types in the OpenWire protocol to
cause the broker to instantiate any class on the classpath.
+
+Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or
5.18.3, which fixes this issue.
+
+This issue is being tracked as AMQ-9370
+
+References:
+
+https://activemq.apache.org/security-advisories.data/CVE-2023-46604
+https://activemq.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2023-46604
+https://issues.apache.org/jira/browse/AMQ-9370
