CVE-2016-4974
CVE-2016-4974 affects Apache Qpid AMQP 0-x JMS client prior to 6.0.4 and JMS (AMQP 1.0) prior to 0.10.0. The root cause is insufficient restriction of classes on the classpath, allowing remote authenticated users to deserialize arbitrary objects via a crafted JMS ObjectMessage handled by getObjec...