This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 6125bace5 Automatic Site Publish by Buildbot
6125bace5 is described below
commit 6125bace55976ceff8bf162f23efe8fe90fb3d4a
Author: buildbot <[email protected]>
AuthorDate: Sat Nov 11 05:44:13 2023 +0000
Automatic Site Publish by Buildbot
---
output/news/cve-2023-46604.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/output/news/cve-2023-46604.html b/output/news/cve-2023-46604.html
index 87527dd94..4d7a70de8 100644
--- a/output/news/cve-2023-46604.html
+++ b/output/news/cve-2023-46604.html
@@ -122,10 +122,10 @@
<h4 id="cve-overview">CVE Overview</h4>
-<p>As stated in the <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-46604";>official CVE
description</a>:</p>
+<p>As stated in the official CVE description:</p>
<blockquote>
- <p>Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability
may allow a remote attacker with network access to a broker to run arbitrary
shell commands by manipulating serialized class types in the OpenWire protocol
to cause the broker to instantiate any class on the classpath.</p>
+ <p>The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network access
to either a Java-based OpenWire broker or client to run arbitrary shell
commands by manipulating serialized class types in the OpenWire protocol to
cause either the client or the broker (respectively) to instantiate any class
on the classpath.</p>
</blockquote>
<p>Three things are required to exploit this vulnerability:</p>
