Re: CVE-2023-46604 impact analysis

2024-01-04 Thread Jean-Baptiste Onofré
Hi, The OpenWire serialization issue exists in ActiveMQ OSGi 5.15.11. However, in the context of Tika, it's limited imho. If you don't actually use OpenWire/JMS in Tika, you are not impacted and you can exclude activemq-osgi from the transitive dependency. Regards, JB On Thu, Jan 4, 2024 at 8:08 

CVE-2023-46604 impact analysis

2024-01-03 Thread Ghanekar, Vijay
Hi Team, We are using tika-app-1.22.jar and found the transitive dependency org.apache.activemq:activemq-osgi:5.15.11. We have found a vulnerability, CVE-2023-46604, with a score of 10.0, which is critical. Could you share the impact analysis and mitigation for this CVE? Thanks