Apache · Apache ActiveMQ Artemis · CVE-2025-27427
**Name of the Vulnerable Software and Affected Versions**
Apache ActiveMQ Artemis versions 2.0.0 through 2.39.0
**Description**
A vulnerability exists in Apache ActiveMQ Artemis where a user with the `createDurableQueue` or `createNonDurableQueue` permission on an address can update the routing-type supported by that address, even without the `createAddress` permission. When combined with the `send` permission and automatic queue creation, this lets a user send a message with a routing-type that the address does not support. Such a message should be rejected, because the user lacks permission to change the routing-type.
**Recommendations**
For Apache ActiveMQ Artemis versions 2.0.0 through 2.39.0, upgrade to version 2.40.0 to fix the issue.