CVE-2018-1310
First published: Wed May 23 2018(Updated: )
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache NiFi | <1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2018-1310.
What is the severity of CVE-2018-1310?
The severity of CVE-2018-1310 is high with a score of 7.5.
What is the affected software version of CVE-2018-1310?
The affected software version of CVE-2018-1310 is Apache NiFi 1.6.0.
How can I fix CVE-2018-1310?
To fix CVE-2018-1310, you need to upgrade the activemq-client library to version 5.15.3 or a higher version.
Where can I find more information about CVE-2018-1310?
You can find more information about CVE-2018-1310 at the following reference: https://nifi.apache.org/security.html#CVE-2018-1310.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache nifi