Conversation
buherator
buherator
[oss-security] CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass
https://www.openwall.com/lists/oss-security/2025/04/18/3
"servers could abuse the unbounded deserialization *in the client* to provide malicious responses that may eventually cause arbitrary code execution on the client"
"The project is considering to [...] drop this part of the NMS API altogether."
https://www.openwall.com/lists/oss-security/2025/04/18/3
"servers could abuse the unbounded deserialization *in the client* to provide malicious responses that may eventually cause arbitrary code execution on the client"
"The project is considering to [...] drop this part of the NMS API altogether."
0
1
2