Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 5.15.9
Description
The latest version of ActiveMQ (5.15.9) has dependent jars with security vulnerabilities.
Below are the jars with security vulnerabilities.
1) camel-core-2.19.5.jar: To be updated to the latest version (camel-core-2.24.1.jar or above).
Reference: CVE-2019-0188
Path: org.apache.activemq-5.15.9_1/lib/camel/camel-core-2.19.5.jar
2) apache-jsp-9.2.25.v20180606.jar: To be updated to the latest version (apache-jsp-9.4.19.v20190610.jar)
Reference: CVE-2018-8014, CVE-2018-8034, CVE-2019-10241, CVE-2019-10247, CVE-2017-6056
Path: org.apache.activemq-5.15.9_1/lib/web/apache-jsp-8.0.33.jar
: org.apache.activemq-5.15.9_1/lib/web/apache-jsp-9.2.25.v20180606.jar
3) scala-library-2.11.0.jar: To be updated to version 2.13.0. The ActiveMQ library has a dependency on scala-library.jar
Path: org.apache.activemq-5.15.9_1/lib/optional/scala-library-2.11.0.jar
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-15288
Need to upgrade the above jars to the recommended version or provide an alternative way to replace the existing jar version with the updated versions.
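The check described in this report can be automated. The following is an added example, not part of the original report or of ActiveMQ: it compares jar file names against the minimum versions the report recommends. The function names, the file-name pattern and the last two sample paths are assumptions made for illustration.

```python
import re
from pathlib import Path

# Minimum versions and references exactly as listed in the report above.
RECOMMENDED = {
    "camel-core": ("2.24.1", "CVE-2019-0188"),
    "apache-jsp": ("9.4.19.v20190610",
                   "CVE-2018-8014, CVE-2018-8034, CVE-2019-10241, "
                   "CVE-2019-10247, CVE-2017-6056"),
    "scala-library": ("2.13.0", "CVE-2017-15288"),
}
# Assumed naming scheme: <artifact>-<version>.jar, version starting with a digit.
JAR_RE = re.compile(r"^(?P<name>.+?)-(?P<version>\d[\w.]*)\.jar$")

def version_key(version):
    """Turn '9.2.25.v20180606' into (9, 2, 25, 20180606) for comparison.
    Assumption: dotted numeric versions; other qualifiers count as 0."""
    key = []
    for token in version.split("."):
        m = re.match(r"v?(\d+)", token)
        key.append(int(m.group(1)) if m else 0)
    return tuple(key)

def audit(jar_paths):
    """Return (path, installed, minimum, refs) for jars below the minimum."""
    findings = []
    for path in jar_paths:
        m = JAR_RE.match(Path(path).name)
        if not m or m.group("name") not in RECOMMENDED:
            continue  # not one of the jars named in the report
        minimum, refs = RECOMMENDED[m.group("name")]
        if version_key(m.group("version")) < version_key(minimum):
            findings.append((str(path), m.group("version"), minimum, refs))
    return findings

def audit_install(root):
    """Audit every jar found under an installation directory."""
    return audit(sorted(Path(root).rglob("*.jar")))

SAMPLE_PATHS = [  # first four paths are from the report; last two are constructed
    "org.apache.activemq-5.15.9_1/lib/camel/camel-core-2.19.5.jar",
    "org.apache.activemq-5.15.9_1/lib/web/apache-jsp-8.0.33.jar",
    "org.apache.activemq-5.15.9_1/lib/web/apache-jsp-9.2.25.v20180606.jar",
    "org.apache.activemq-5.15.9_1/lib/optional/scala-library-2.11.0.jar",
    "patched/lib/camel/camel-core-2.24.1.jar",
    "patched/lib/example-lib-1.0.jar",
]

if __name__ == "__main__":
    for path, installed, minimum, refs in audit(SAMPLE_PATHS):
        print(f"{path}: {installed} < {minimum} ({refs})")
```

Pass an installation directory to `audit_install` to run the same comparison over the jars on disk.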