CVE-2021-20318

Summary

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.

Affected Software

VendorProductVersion RangeStatus
n/aArtemis in EAP 77.3.9.GA, 7.4.0.GAaffected

Weaknesses

  • CWE-502: CWE-502

ADP Enrichment

CVE Program Container

Additional References

References