org.apache.activemq:activemq-openwire-legacy

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.activemq:activemq-openwire-legacypage 1 of 1

CVE-2023-46604CRITICALCVSS 10.0EG 10.0⚠ KEV✓ Fixed in 5.18.3
2023-10-27
vulnerable: 5.18.0, 5.18.1, 5.18.2
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipul…
CVE-2025-27533HIGHCVSS 7.5EG 7.5✓ Fixed in 5.16.8
2025-05-07
vulnerable: 5.10.0 ... 5.9.1 (52 versions)
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited …

Check whether org.apache.activemq:activemq-openwire-legacy is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.activemq:activemq-openwire-legacy CVEs against the assets you own.

Start Free Scan →