CVE-2014-3579: Improper Restriction of XML External Entity Reference
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
References
- activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt
- exchange.xforce.ibmcloud.com/vulnerabilities/100721
- github.com/advisories/GHSA-wmhw-hpwh-44pg
- issues.apache.org/jira/browse/APLO-366
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2014-3579
- web.archive.org/web/20150213000202/http://seclists.org/oss-sec/2015/q1/428
- web.archive.org/web/20200228080433/http://www.securityfocus.com/bid/72508