Apache · Apache ActiveMQ NMS OpenWire Client · CVE-2025-29953
**Name of the Vulnerable Software and Affected Versions**
Apache ActiveMQ NMS OpenWire Client versions prior to 2.1.1
**Description**
The issue affects the Apache ActiveMQ NMS OpenWire Client when connecting to untrusted servers, allowing these servers to potentially abuse unbounded deserialization in the client. This could lead to malicious responses causing arbitrary code execution on the client. The .NET team has deprecated the built-in .NET binary serialization feature, and the project is considering dropping this part of the NMS API.
**Recommendations**
Upgrade to version 2.1.1 to fix the issue.
As a hardening measure for the future, migrate away from relying on .NET binary serialization.
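To act on the upgrade recommendation, the following added example (not part of the original advisory or the project's code) audits a .NET project file for client references below 2.1.1. It assumes the client is referenced under the NuGet package ID `Apache.NMS.ActiveMQ`; the sample project file is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE_ID = "Apache.NMS.ActiveMQ"  # assumption: NuGet ID of the OpenWire client
FIXED = (2, 1, 1)                   # first fixed version named in the advisory

def classify(version_text):
    """Map a version string to 'vulnerable', 'fixed' or 'unresolved'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(-[0-9A-Za-z.-]+)?",
                     (version_text or "").strip())
    if not m:  # ranges, wildcards, $(Property), or no version at all
        return "unresolved"
    numbers = tuple(int(g or 0) for g in m.group(1, 2, 3))
    # A prerelease of the fixed version still sorts below the fixed release.
    if numbers < FIXED or (numbers == FIXED and m.group(4)):
        return "vulnerable"
    return "fixed"

def audit(xml_text):
    """Return (version, status) for each client reference in a .csproj or packages.config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # ignore the old-style MSBuild namespace
        if tag == "PackageReference":
            name = el.get("Include") or el.get("Update") or ""
            version = el.get("Version")
            if version is None:  # version given as a child <Version> element
                version = next((c.text for c in el
                                if c.tag.rsplit("}", 1)[-1] == "Version"), None)
        elif tag == "package":  # packages.config entry
            name, version = el.get("id", ""), el.get("version")
        else:
            continue
        if name.lower() == PACKAGE_ID.lower():  # NuGet IDs are case-insensitive
            findings.append((version, classify(version)))
    return findings

# Constructed sample project file, not taken from any real project.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Apache.NMS.ActiveMQ" Version="2.1.0" />
    <PackageReference Include="apache.nms.activemq" Version="2.1.1" />
    <PackageReference Include="Apache.NMS.ActiveMQ" Version="[2.0.0,)" />
    <PackageReference Include="Example.Unrelated" Version="1.0.0" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for version, status in audit(SAMPLE):
        print(f"{PACKAGE_ID} {version}: {status}")
```

An `unresolved` result means the pinned version cannot be read from the file alone (a range, wildcard, MSBuild property or centrally managed version), so the resolved version has to be checked in the restore output or lock file.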