OESA-2023-1778

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1778
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1778.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1778
Upstream
Published
2023-11-03T11:06:12Z
Modified
2025-08-12T05:23:12.135874Z
Summary
activemq security update
Details

The most popular and powerful open source messaging and Integration Patterns server.

Security Fix(es):

Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue. (CVE-2023-46604)

Database specific
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS-SP1

activemq

Package

Name
activemq
Purl
pkg:rpm/openEuler/activemq&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.16-1.oe1

Ecosystem specific

{
    "noarch": [
        "activemq-5.15.16-1.oe1.noarch.rpm",
        "activemq-javadoc-5.15.16-1.oe1.noarch.rpm"
    ],
    "src": [
        "activemq-5.15.16-1.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3

activemq

Package

Name
activemq
Purl
pkg:rpm/openEuler/activemq&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.16-1.oe1

Ecosystem specific

{
    "noarch": [
        "activemq-javadoc-5.15.16-1.oe1.noarch.rpm",
        "activemq-5.15.16-1.oe1.noarch.rpm"
    ],
    "src": [
        "activemq-5.15.16-1.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS

activemq

Package

Name
activemq
Purl
pkg:rpm/openEuler/activemq&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.16-1.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "activemq-javadoc-5.15.16-1.oe2203.noarch.rpm",
        "activemq-5.15.16-1.oe2203.noarch.rpm",
        "activemq-javadoc-5.15.16-1.oe2203sp1.noarch.rpm",
        "activemq-5.15.16-1.oe2203sp1.noarch.rpm",
        "activemq-javadoc-5.15.16-1.oe2203sp2.noarch.rpm",
        "activemq-5.15.16-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "activemq-5.15.16-1.oe2203.src.rpm",
        "activemq-5.15.16-1.oe2203sp1.src.rpm",
        "activemq-5.15.16-1.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1

activemq

Package

Name
activemq
Purl
pkg:rpm/openEuler/activemq&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.16-1.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "activemq-javadoc-5.15.16-1.oe2203sp1.noarch.rpm",
        "activemq-5.15.16-1.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "activemq-5.15.16-1.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2

activemq

Package

Name
activemq
Purl
pkg:rpm/openEuler/activemq&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.15.16-1.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "activemq-javadoc-5.15.16-1.oe2203sp2.noarch.rpm",
        "activemq-5.15.16-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "activemq-5.15.16-1.oe2203sp2.src.rpm"
    ]
}