[AMQ-9377] Fix for Critical Vulnerability on dependent libraries | Camel Core 2.25.4 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 5.18.3
Fix Version/s: None
Component/s: AMQP
Labels:
- security

Flags:

Patch, Important
External issue URL:
https://nvd.nist.gov/vuln/detail/CVE-2020-11971

Description

We are recently flagged by JFROG XRay scanner that ActiveMQ component which we are using in our API has been affected by a critical vulnerability CVE-2020-11971. PFB the summary of the vulnerability:

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

We would like to understand the timelines of the next ActiveMQ release which would contain the fix/upgrade for this vulnerability.

Currently we are using version 5.18.3 which is affected.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Hemakumar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Nov/23 09:41

Updated:: 08/Nov/23 13:01

Resolved:: 08/Nov/23 13:01