-
Notifications
You must be signed in to change notification settings - Fork 539
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2023-5072 - Vulnerability with hawtio #2958
Comments
@mmelko Could you have a look? |
Any update on this? I'm looking to get this fixed in ActiveMQ Artemis. |
ActiveMQ Artemis is currently using 2.17.6. Will there be a 2.17.7 release with this fix? |
@jbertram Releasing 2.17.7 soon. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
New vulnerability CVE-2023-5072 is identified with latest stable version of hawtio 2.17.6. This vulnerability is from org.json:json-20230227. Please upgrade to json:20231013 to fix this vulnerability.
Error details as follows
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
The text was updated successfully, but these errors were encountered: