cve/2018/CVE-2018-1310.md

### [CVE-2018-1310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1310)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20NiFi&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen)

### Description

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1310)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20NiFi&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen)`

			`### Description`

			`Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/PalindromeLabs/Java-Deserialization-CVEs`