[
https://issues.apache.org/jira/browse/AMQ-7373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17021017#comment-17021017
]
ASF subversion and git services commented on AMQ-7373:
------------------------------------------------------
Commit 0fc5227c0253be675d64b1f5c3364db295dbf931 in activemq's branch
refs/heads/activemq-5.15.x from Colm O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=0fc5227 ]
AMQ-7373 - Updating Jolokia
(cherry picked from commit 08267c4f67426509eacb91993849c0eca07d962ct)
> jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899
> ------------------------------------------------------
>
> Key: AMQ-7373
> URL: https://issues.apache.org/jira/browse/AMQ-7373
> Project: ActiveMQ
> Issue Type: Bug
> Components: Web Console
> Affects Versions: 5.15.8, 5.15.9, 5.15.10, 5.15.11
> Reporter: Harish Kumar
> Assignee: Jean-Baptiste Onofré
> Priority: Critical
> Fix For: 5.16.0, 5.15.12
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899
> *PATH:*apache-activemq-5.15.11/lib/web/jolokia-core-1.6.0.jar
>
> *CVE-2018-10899*
> CVSSv3 Score: 8.8
> [https://nvd.nist.gov/vuln/detail/CVE-2018-10899]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
