Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache ActiveMQ Artemis多个组件安全漏洞
Vulnerability Description
Apache ActiveMQ Artemis是美国阿帕奇(Apache)软件基金会的一个为Java应用提供嵌入式消息服务的项目。 Apache ActiveMQ Artemis 1.4.0之前的版本中的(1)JMS Core client,(2)Artemis broker,和(3)Artemis REST组件中的javax.jms.ObjectMessage类中的‘getObject’方法存在安全漏洞。远程攻击者可利用该漏洞发送信息到Artemis broker反序列任意对象,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A