Description
Hi AMQ team,
Our team is using the latest version, 5.17.1, released on April 29, 2022. We still see the above CVE-2020-10663 | CVSS 7.5 | org.apache.zookeeper_zookeeper in the latest version. This vulnerability is an unsafe object creation vulnerability.
This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
Fixed in 3.6.3, 3.5.9.
Please provide us with an ETA for the next release in which the vulnerability is going to be fixed.