This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/main by this push:
new eea6ae873 Updating description of CVE-2023-46604
eea6ae873 is described below
commit eea6ae8730b6527feb2c818a0d343c63551e749b
Author: Justin Bertram <[email protected]>
AuthorDate: Fri Nov 10 23:42:55 2023 -0600
Updating description of CVE-2023-46604
---
src/_news/CVE-2023-46604.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/_news/CVE-2023-46604.md b/src/_news/CVE-2023-46604.md
index 3a8a40545..2afeadf84 100644
--- a/src/_news/CVE-2023-46604.md
+++ b/src/_news/CVE-2023-46604.md
@@ -27,9 +27,9 @@ Artemis:
#### CVE Overview
-As stated in the [official CVE
description](https://nvd.nist.gov/vuln/detail/CVE-2023-46604):
+As stated in the official CVE description:
-> Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability
may allow a remote attacker with network access to a broker to run arbitrary
shell commands by manipulating serialized class types in the OpenWire protocol
to cause the broker to instantiate any class on the classpath.
+> The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network access
to either a Java-based OpenWire broker or client to run arbitrary shell
commands by manipulating serialized class types in the OpenWire protocol to
cause either the client or the broker (respectively) to instantiate any class
on the classpath.
Three things are required to exploit this vulnerability:
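Review bot: The new intro line "As stated in the official CVE description:" drops the link to https://nvd.nist.gov/vuln/detail/CVE-2023-46604 that the removed line carried, so the blockquote that follows is presented as a verbatim quotation with no source a reader can check it against. Consider keeping the link on the new line, since the quoted text is exactly what this commit changes. Within the new quote, "either a Java-based OpenWire broker or client" is followed by "either the client or the broker (respectively)", with the order reversed, which makes "respectively" hard to parse. If that wording is verbatim from the CVE record it should stay as quoted, which is a further reason to keep the link next to it.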