[jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899

ASF subversion and git services (Jira) Wed, 22 Jan 2020 04:46:54 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-7373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17021015#comment-17021015
 ]


ASF subversion and git services commented on AMQ-7373:
------------------------------------------------------

Commit ff525a5fb969d10d79b8f69ffc10df58fda85da8 in activemq's branch 
refs/heads/master from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=ff525a5 ]

Merge pull request #427 from coheigea/AMQ-7373

[AMQ-7373] Updating Jolokia

> jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899
> ------------------------------------------------------
>
>                 Key: AMQ-7373
>                 URL: https://issues.apache.org/jira/browse/AMQ-7373
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: 5.15.8, 5.15.9, 5.15.10, 5.15.11
>            Reporter: Harish Kumar
>            Assignee: Jean-Baptiste Onofré
>            Priority: Critical
>             Fix For: 5.16.0, 5.15.12
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899
> *PATH:*apache-activemq-5.15.11/lib/web/jolokia-core-1.6.0.jar
>  
> *CVE-2018-10899*
> CVSSv3 Score: 8.8
> [https://nvd.nist.gov/vuln/detail/CVE-2018-10899] 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899

Reply via email to