Advisories for Maven/Org.apache.artemis/Artemis-Stomp-Protocol package

2026

Apache Artemis has an Incorrect Authorization issue

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. A user could successfully send a message to an address or consume a message from a queue with a routing-type not supported …