CVE-2020-14348

Name of the Vulnerable Software and Affected Versions AMQ Online versions prior to 1.5.2

Description The issue arises when an invalid field is injected into a user's AddressSpace configuration within the user namespace, causing AMQ Online to enter an inconsistent state. This inconsistency leads to malfunctions in AMQ Online components, including failures in provisioning and address creation. However, existing messaging clients or brokers remain unaffected.

Recommendations For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting modifications to the AddressSpace configuration to prevent injecting invalid fields until a patch is applied.