HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
6.5CVSS
6.4AI Score
0.001EPSS
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
7.5CVSS
7.4AI Score
0.009EPSS