pkg:Bitnami/activemq

所有已知漏洞

• CRITICAL10.0CVE-2023-46604⚠ KEVApache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
  from 0, < 5.15.16, >= 5.16.0, < 5.16.7, >= 5.17.0, < 5.17.6, >= 5.18.0, < 5.18.3
• HIGH8.8CVE-2026-34197⚠ KEVApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
  from 0, < 5.19.4, >= 6.0.0, < 6.2.3
• CRITICAL9.8CVE-2020-11998Remote code execution in Apache ActiveMQ
  >= 5.15.12, <= 5.15.12
• HIGH8.8CVE-2026-49157Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default
  from 0, < 5.19.7, >= 6.0.0, < 6.2.6
• HIGH8.8CVE-2026-45505Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass
  from 0, < 5.19.7, >= 6.0.0, < 6.2.6
• HIGH8.8CVE-2026-40466Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
  from 0, < 5.19.6, >= 6.0.0, < 6.2.5
• HIGH8.8CVE-2026-41044Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
  from 0, < 5.19.6, >= 6.0.0, < 6.2.5
• HIGH8.8CVE-2024-32114Apache ActiveMQ's default configuration doesn't secure the API web context
  >= 6.0.0, < 6.1.2
• HIGH8.8CVE-2022-41678Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
  from 0, < 5.16.6, >= 5.17.0, < 5.17.4
• HIGH8.1CVE-2026-42588Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
  from 0, < 5.19.7, >= 6.0.0, < 6.2.6
• HIGH8.0CVE-2020-26217Remote Code Execution in XStream
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0
• HIGH7.5CVE-2026-39304Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM
  from 0, < 5.19.4, >= 6.0.0, < 6.2.4
• HIGH7.5CVE-2025-27533Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
  >= 5.16.0, < 5.16.8, >= 5.17.0, < 5.17.7, >= 5.18.0, < 5.18.7, >= 6.0.0, < 6.1.6
• HIGH7.5CVE-2021-26117ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
  >= 5.15.0, < 5.15.14, >= 5.16.0, < 5.16.1
• HIGH7.5CVE-2021-21341XStream can cause a Denial of Service
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM6.5CVE-2026-41043Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
  from 0, < 5.19.6, >= 6.0.0, < 6.2.5
• MEDIUM6.1CVE-2026-42253Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties
  from 0, < 5.19.7, >= 6.0.0, < 6.2.6
• MEDIUM6.1CVE-2020-13947Cross-site scripting (XSS) in Apache ActiveMQ
  from 0, < 5.15.14, >= 5.16.0, < 5.16.1
• MEDIUM6.1CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM6.1CVE-2021-21347XStream is vulnerable to an Arbitrary Code Execution attack
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM6.1CVE-2021-21346XStream is vulnerable to an Arbitrary Code Execution attack
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM6.1CVE-2020-1941Apache ActiveMQ webconsole admin GUI is open to XSS
  >= 5.0.0, <= 5.15.11
• MEDIUM5.9CVE-2026-49270Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
  from 0, < 5.19.7, >= 6.0.0, < 6.2.6
• MEDIUM5.9CVE-2020-13920activemq - security update
  from 0, < 5.15.12
• MEDIUM5.8CVE-2021-21345XStream is vulnerable to a Remote Command Execution attack
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM5.4CVE-2026-40046Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
  >= 6.0.0, < 6.2.4
• MEDIUM5.4CVE-2025-66168Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
  from 0, < 5.19.2, >= 6.0.0, < 6.1.9, >= 6.2.0, < 6.2.1
• MEDIUM5.4CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM5.3CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM5.3CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM5.3CVE-2021-21344XStream is vulnerable to an Arbitrary Code Execution attack
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM5.3CVE-2021-21343XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM5.3CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
  from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
• MEDIUM4.3CVE-2026-46605Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal
  from 0, < 5.19.7, >= 6.0.0, < 6.2.6
• MEDIUM4.3CVE-2026-33227Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory
  from 0, < 5.19.3, >= 6.0.0, < 6.2.2