Maven package
org.apache.activemq/activemq-openwire-legacy
pkg:maven/org.apache.activemq/activemq-openwire-legacy
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27533 | — | < 5.16.8 | 5.16.8 | May 7, 2025 | Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by dep | ||
| CVE-2023-46604 | — | KEV | >= 5.8.0, < 5.15.16 | 5.15.16 | Oct 27, 2023 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenW |
- CVE-2025-27533May 7, 2025affected < 5.16.8fixed 5.16.8
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by dep
- affected >= 5.8.0, < 5.15.16fixed 5.15.16
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenW