Hornetq Security Vulnerabilities - February

CVE-2014-3599

HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

CVE-2017-12174

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.