CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache ActiveMQ 5.0.0 - 5.15.8
Description:
Unmarshalling a corrupt MQTT frame can lead to an Out of Memory exception in the broker, making it unresponsive.
Mitigation:
Upgrade to Apache ActiveMQ 5.15.9. Alternatively, you can manually upgrade the MQTT library in the lib/extra directory to version 1.15. You can download the jar from https://repo1.maven.org/maven2/org/fusesource/mqtt-client/mqtt-client/1.15/mqtt-client-1.15.jar. If you don't use the MQTT protocol, you can disable the transport as well.
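As an added example (this script is not part of the Apache advisory or the ActiveMQ project), the following POSIX shell script turns the mitigation above into a local check: it tests a version string against the affected range 5.0.0 - 5.15.8, tests whether the mqtt-client library is at the 1.15 fix level, and inspects an installation directory for the jar in lib/extra and for an mqtt:// transport reference in conf/activemq.xml. It assumes the upstream distribution layout and the jar naming mqtt-client-<version>.jar; plain numeric dotted versions are expected.

```shell
#!/bin/sh
# Added example, not part of the Apache advisory: check an ActiveMQ
# installation against the CVE-2019-0222 mitigation by inspecting the
# bundled mqtt-client jar in lib/extra and the configured transports.
# Assumption: the jar follows the upstream naming mqtt-client-<version>.jar
# and the broker config lives at conf/activemq.xml under the install root.

# version_ge A B: succeed (return 0) when dotted version A >= B.
# Missing trailing components count as 0, so 1.15 equals 1.15.0.
version_ge() {
    i=1
    while [ "$i" -le 8 ]; do
        a=$(printf '%s' "$1" | awk -F. -v n="$i" '{ print $n }')
        b=$(printf '%s' "$2" | awk -F. -v n="$i" '{ print $n }')
        if [ -z "$a" ] && [ -z "$b" ]; then return 0; fi
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# activemq_affected V: succeed when V lies in the advisory's range 5.0.0 - 5.15.8.
activemq_affected() {
    version_ge "$1" 5.0.0 && ! version_ge "$1" 5.15.9
}

# mqtt_client_fixed V: succeed when the mqtt-client library is at least 1.15,
# the version the advisory names as the manual fix for lib/extra.
mqtt_client_fixed() {
    version_ge "$1" 1.15
}

# check_install ROOT: report the state of an ActiveMQ install rooted at ROOT.
# Exit status: 0 = mqtt-client is 1.15 or newer, 1 = an older library is present,
# 2 = no mqtt-client jar found (verify the MQTT transport manually).
check_install() {
    root="$1"
    jar=$(ls "$root"/lib/extra/mqtt-client-*.jar 2>/dev/null | head -n 1)
    if [ -z "$jar" ]; then
        echo "$root: no lib/extra/mqtt-client-*.jar found"
        return 2
    fi
    ver=$(basename "$jar" .jar)
    ver=${ver#mqtt-client-}
    # Informational: an mqtt:// transport still referenced in the config means
    # the broker parses MQTT frames with this library.
    if [ -f "$root/conf/activemq.xml" ] && grep -q 'mqtt://' "$root/conf/activemq.xml"; then
        echo "$root: conf/activemq.xml references an mqtt:// transport"
    fi
    if mqtt_client_fixed "$ver"; then
        echo "$root: mqtt-client $ver (>= 1.15, mitigated)"
        return 0
    fi
    echo "$root: mqtt-client $ver (< 1.15, upgrade the jar or the broker)"
    return 1
}

# Usage: sh check_mqtt.sh /opt/activemq
if [ $# -gt 0 ]; then check_install "$1"; fi
```

Run it against the broker's install root; a non-zero exit means the jar is older than 1.15 or missing, and the mqtt:// notice tells you whether disabling the transport connector is also an option on that host.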
Credit:
This issue was discovered by:
* Indrajeet Singh - <insi_2304@ymail.com>