[
https://issues.apache.org/jira/browse/AMQ-8622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré reassigned AMQ-8622:
-----------------------------------------
Assignee: Jean-Baptiste Onofré
> Fix CVE-2020-10663 | CVSS 7.5 | org.apache.zookeeper_zookeeper in AMQ version
> -----------------------------------------------------------------------------
>
> Key: AMQ-8622
> URL: https://issues.apache.org/jira/browse/AMQ-8622
> Project: ActiveMQ
> Issue Type: Bug
> Components: AMQP, Broker
> Reporter: Atmadeep Sen
> Assignee: Jean-Baptiste Onofré
> Priority: Critical
> Attachments: Screen Shot 2022-06-02 at 12.21.56 PM.png
>
>
> Hi AMQ team,
> Our team is using the latest version 5.17.1 released on April 29, 2022. We
> still see the above CVE-2020-10663 | CVSS 7.5 |
> org.apache.zookeeper_zookeeper in the latest version. This vulnerability is
> an unsafe Object Creation Vulnerability.
> This is quite similar to CVE-2013-0269, but does not rely on poor
> garbage-collection behavior within Ruby. Specifically, use of JSON parsing
> methods can lead to creation of a malicious object within the interpreter,
> with adverse effects that are application-dependent.
> fixed in 3.6.3, 3.5.9
> Please provide us with an ETA for the next release in which the vulnerability
> is going to be fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
