[AMQ-8622] Fix CVE-2020-10663 | CVSS 7.5 | org.apache.zookeeper_zookeeper in AMQ version - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Not A Problem
Affects Version/s: None
Fix Version/s: None
Component/s: AMQP, Broker
Labels:
None

Description

Hi AMQ team,

Our team is using the latest version 5.17.1 released on April 29, 2022. We still see the above CVE-2020-10663 | CVSS 7.5 | org.apache.zookeeper_zookeeper in the latest version. This vulnerability is an unsafe Object Creation Vulnerability.

This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

fixed in 3.6.3, 3.5.9

Please provide us with an ETA for the next release in which the vulnerability is going to be fixed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Screen Shot 2022-06-02 at 12.21.56 PM.png
02/Jun/22 17:22
491 kB
Atmadeep Sen

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Atmadeep Sen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Jun/22 17:22

Updated:: 12/Aug/22 05:51

Resolved:: 12/Aug/22 05:51