When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.activemq:activemq-openwire-generator(Maven) | 5.14.0 | 5.15.3 | N/A |
| org.apache.activemq:activemq-parent(Maven) | 5.15.0 | 5.15.3 | N/A |
| org.apache.activemq:activemq-parent(Maven) | 5.14.0 | 5.14.6 | N/A |
CVSS Metrics
