Chapter 7. Fixed Common Vulnerabilities and Exposures
This section details Common Vulnerabilities and Exposures (CVEs) fixed in the AMQ Broker 7.10 release.
- ENTMQBR-5140 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
- ENTMQBR-5893 - CVE-2021-4040 broker: AMQ Broker: Malformed message can result in partial DoS (OOM)
- ENTMQBR-5933 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
- ENTMQBR-6401 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS
- ENTMQBR-6477 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects