46 matches found
CVE-2026-43866
A flaw was found in Apache Camel JMS components. A remote attacker can exploit a deserialization vulnerability by sending a specially crafted ObjectMessage to a queue or topic consumed by an affected Camel application. This bypasses existing security checks, allowing the attacker to inject...
CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-43866
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-40860
A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...
CVE-2026-40860
JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...
EUVD-2026-25794
JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...
CVE-2026-40860
Apache Camel CVE-2026-40860 describes unsafe deserialization of JMS ObjectMessage payloads in camel-jms, camel-sjms, camel-sjms2 and camel-amqp. The root cause is deserialization via javax.jms.ObjectMessage.getObject() without ObjectInputFilter or allow/deny lists, triggered when mapJmsMessage is...
EUVD-2022-3674
Malicious code in bioql PyPI...
EUVD-2021-7743
Malicious code in bioql PyPI...
GHSA-Q9HR-3PG4-3JP4 Improper Input Validation in Apache ActiveMQ
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service JMS ObjectMessage object...
Remote Code Execution (RCE)
Artemis in EAP 7 is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of permissions of the application using a JMS ObjectMessage allowing an attacker to execute maliciously craft code in the system...
7: Incomplete fix of CVE-2016-4978 in HornetQ library
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
Hardcoded credentials
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
Red Hat Jboss Enterprise Application Platform 7 代码问题漏洞
Red Hat Jboss Enterprise Application Platform 7 Red Hat Jboss Eap 7 is a middleware platform built on open standards and compatible with the Java Ee 7 specification from Red Hat USA. A code issue vulnerability exists in Red Hat JBoss Enterprise Application Platform 7 Artemis that stems from the...
Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker
Summary CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service JMS ObjectMessage object. Vulnerability Details CVEID: CVE-2015-5254...
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2015-5254)
Summary An Apache ActiveMQ vulnerability for potentially allowing a remote attacker to execute arbitrary code was addressed by IBM Control Center. Control Center is only vulnerable if configured to use JMS Java Messaging Service. Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache...