[
https://issues.apache.org/jira/browse/AMQ-7339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16970198#comment-16970198
]
ASF subversion and git services commented on AMQ-7339:
------------------------------------------------------
Commit 7441c6b6035e4a86d6a32b39445d75a33802ec3e in activemq's branch
refs/heads/master from Colm O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=7441c6b ]
AMQ-7339 - Fix possible XSS attack in the HttpTunnelServlet
> Fix possible XSS attack in the HttpTunnelServlet
> ------------------------------------------------
>
> Key: AMQ-7339
> URL: https://issues.apache.org/jira/browse/AMQ-7339
> Project: ActiveMQ
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 5.16.0, 5.15.11
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> There is a potential XXS attack in the HttpTunnelServlet where we return the
> clientId header directly in an error. The fix is just to avoid sending the
> header back at all, as I didn't want to add an additional dependency to
> encode it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
