Atmadeep Sen created AMQ-8622:
---------------------------------
Summary: Fix CVE-2020-10663 | CVSS 7.5 |
org.apache.zookeeper_zookeeper in AMQ version
Key: AMQ-8622
URL: https://issues.apache.org/jira/browse/AMQ-8622
Project: ActiveMQ
Issue Type: Bug
Components: AMQP, Broker
Reporter: Atmadeep Sen
Attachments: Screen Shot 2022-06-02 at 12.21.56 PM.png

Hi AMQ team,

Our team is using the latest version 5.17.1 released on April 29, 2022. We
still see the above CVE-2020-10663 | CVSS 7.5 | org.apache.zookeeper_zookeeper
in the latest version. This vulnerability is an Unsafe Object Creation
Vulnerability.

This is quite similar to CVE-2013-0269, but does not rely on poor
garbage-collection behavior within Ruby. Specifically, use of JSON parsing
methods can lead to creation of a malicious object within the interpreter, with
adverse effects that are application-dependent.

Fixed in 3.6.3, 3.5.9.

Please provide us with an ETA for the next release in which the vulnerability
is going to be fixed.