[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-4978":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":49,"related":50,"reserved_at":9,"published_at":51,"modified_at":52,"state":53,"summary":54,"references_raw":63,"kevs":186,"epss":187,"epss_history":190,"metrics":447,"affected":460},"CVE-2016-4978","The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[26],"GHSA-r9vv-xj4w-g8m8",[],[29,31,33,35,37,39,41,43,45,47],{"_key":30},"RHSA-2017:1834",{"_key":32},"RHSA-2017:1835",{"_key":34},"RHSA-2017:1837",{"_key":36},"RHSA-2017:3454",{"_key":38},"RHSA-2017:3455",{"_key":40},"RHSA-2017:3458",{"_key":42},"RHSA-2018:1448",{"_key":44},"RHSA-2018:1449",{"_key":46},"RHSA-2018:1450",{"_key":48},"RHSA-2018:1451",[],[],"2016-09-27T15:00:00.000Z","2024-08-06T00:46:40.193Z","Modified",{"cisa_kev":55,"cisa_ransomware":55,"cisa_vendor":9,"epss_severity":56,"epss_score":57,"severity":58,"severity_score":59,"severity_version":60,"severity_source":61,"severity_vector":62,"severity_status":53},false,"low",0.0136,"high",7.2,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",[64,74,80,86,90,94,98,102,106,110,114,120,124,128,132,136,140,144,148,152,156,161,165,169,173,177,181],{"url":65,"sources":66,"tags":69},"https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf",[67,61,68],"cve.org","osv_maven",[70,71,72,73],"X Refsource MISC","Technical Description","Third Party Advisory","WEB",{"url":75,"sources":76,"tags":77},"http://www.securityfocus.com/bid/93142",[67,61],[78,79,72],"VDB Entry","X Refsource BID",{"url":81,"sources":82,"tags":83},"https://access.redhat.com/errata/RHSA-2018:1448",[67,61,68],[84,85,72,73],"Vendor Advisory","X Refsource REDHAT",{"url":87,"sources":88,"tags":89},"https://access.redhat.com/errata/RHSA-2017:1836",[67,61,68],[84,85,72,73],{"url":91,"sources":92,"tags":93},"https://access.redhat.com/errata/RHSA-2017:1835",[67,61,68],[84,85,72,73],{"url":95,"sources":96,"tags":97},"https://access.redhat.com/errata/RHSA-2018:1449",[67,61,68],[84,85,72,73],{"url":99,"sources":100,"tags":101},"https://access.redhat.com/errata/RHSA-2018:1450",[67,61,68],[84,85,72,73],{"url":103,"sources":104,"tags":105},"https://access.redhat.com/errata/RHSA-2017:3458",[67,61,68],[84,85,72,73],{"url":107,"sources":108,"tags":109},"https://access.redhat.com/errata/RHSA-2017:1837",[67,61,68],[84,85,72,73],{"url":111,"sources":112,"tags":113},"https://access.redhat.com/errata/RHSA-2017:1834",[67,61,68],[84,85,72,73],{"url":115,"sources":116,"tags":117},"http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E",[67,61,68],[118,119,84,73],"Mailing List","X Refsource MLIST",{"url":121,"sources":122,"tags":123},"https://access.redhat.com/errata/RHSA-2018:1451",[67,61,68],[84,85,72,73],{"url":125,"sources":126,"tags":127},"https://access.redhat.com/errata/RHSA-2017:3455",[67,61,68],[84,85,72,73],{"url":129,"sources":130,"tags":131},"https://access.redhat.com/errata/RHSA-2017:3456",[67,61,68],[84,85,72,73],{"url":133,"sources":134,"tags":135},"https://access.redhat.com/errata/RHSA-2017:3454",[67,61,68],[84,85,72,73],{"url":137,"sources":138,"tags":139},"https://access.redhat.com/errata/RHSA-2018:1447",[67,61,68],[84,85,72,73],{"url":141,"sources":142,"tags":143},"https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E",[67,61,68],[118,119,73],{"url":145,"sources":146,"tags":147},"https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E",[67,61,68],[118,119,73],{"url":149,"sources":150,"tags":151},"https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E",[67,61,68],[118,119,73],{"url":153,"sources":154,"tags":155},"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E",[67,61,68],[118,119,73],{"url":157,"sources":158,"tags":159},"https://nvd.nist.gov/vuln/detail/CVE-2016-4978",[68],[160],"Advisory",{"url":162,"sources":163,"tags":164},"https://web.archive.org/web/20210123172653/http://www.securityfocus.com/bid/93142",[68],[73],{"url":166,"sources":167,"tags":168},"https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E",[68],[73],{"url":170,"sources":171,"tags":172},"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E",[68],[73],{"url":174,"sources":175,"tags":176},"https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02@%3Cissues.activemq.apache.org%3E",[68],[73],{"url":178,"sources":179,"tags":180},"https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2@%3Cissues.activemq.apache.org%3E",[68],[73],{"url":182,"sources":183,"tags":184},"https://github.com/apache/activemq-artemis",[68],[185],"PACKAGE",[],{"date":188,"score":57,"percentile":189},"2026-06-04",0.805,[191,195,198,200,203,206,208,211,214,217,220,223,226,228,231,234,237,240,243,246,249,252,255,257,260,263,266,268,271,274,277,279,281,284,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,377,380,383,386,388,391,394,397,400,403,406,409,412,415,417,420,423,426,429,432,435,438,440,442,444],{"date":192,"score":193,"percentile":194},"2025-11-04",0.01084,0.77162,{"date":196,"score":193,"percentile":197},"2025-11-05",0.77164,{"date":199,"score":193,"percentile":197},"2025-11-06",{"date":201,"score":193,"percentile":202},"2025-11-07",0.77178,{"date":204,"score":193,"percentile":205},"2025-11-08",0.77182,{"date":207,"score":193,"percentile":202},"2025-11-09",{"date":209,"score":193,"percentile":210},"2025-11-10",0.77166,{"date":212,"score":193,"percentile":213},"2025-11-11",0.77167,{"date":215,"score":193,"percentile":216},"2025-11-12",0.77184,{"date":218,"score":193,"percentile":219},"2025-11-13",0.77193,{"date":221,"score":193,"percentile":222},"2025-11-14",0.772,{"date":224,"score":193,"percentile":225},"2025-11-15",0.77196,{"date":227,"score":193,"percentile":225},"2025-11-16",{"date":229,"score":193,"percentile":230},"2025-11-17",0.77188,{"date":232,"score":193,"percentile":233},"2025-11-18",0.75999,{"date":235,"score":193,"percentile":236},"2025-11-19",0.76006,{"date":238,"score":193,"percentile":239},"2025-11-20",0.76016,{"date":241,"score":193,"percentile":242},"2025-11-21",0.77214,{"date":244,"score":193,"percentile":245},"2025-11-22",0.77213,{"date":247,"score":193,"percentile":248},"2025-11-23",0.77201,{"date":250,"score":193,"percentile":251},"2025-11-24",0.77203,{"date":253,"score":193,"percentile":254},"2025-11-25",0.77208,{"date":256,"score":193,"percentile":242},"2025-11-26",{"date":258,"score":193,"percentile":259},"2025-11-27",0.77216,{"date":261,"score":193,"percentile":262},"2025-11-28",0.77207,{"date":264,"score":193,"percentile":265},"2025-11-29",0.77215,{"date":267,"score":193,"percentile":245},"2025-11-30",{"date":269,"score":193,"percentile":270},"2025-12-01",0.77322,{"date":272,"score":193,"percentile":273},"2025-12-02",0.77331,{"date":275,"score":193,"percentile":276},"2025-12-03",0.77318,{"date":278,"score":193,"percentile":262},"2025-12-04",{"date":280,"score":193,"percentile":245},"2025-12-05",{"date":282,"score":193,"percentile":283},"2025-12-06",0.77217,{"date":285,"score":193,"percentile":245},"2025-12-07",{"date":287,"score":193,"percentile":288},"2025-12-08",0.77218,{"date":290,"score":193,"percentile":291},"2025-12-09",0.7724,{"date":293,"score":193,"percentile":294},"2025-12-10",0.77269,{"date":296,"score":193,"percentile":297},"2025-12-11",0.77285,{"date":299,"score":193,"percentile":300},"2025-12-12",0.77306,{"date":302,"score":193,"percentile":303},"2025-12-13",0.7731,{"date":305,"score":193,"percentile":306},"2025-12-14",0.77308,{"date":308,"score":193,"percentile":309},"2025-12-15",0.77303,{"date":311,"score":193,"percentile":312},"2025-12-16",0.77315,{"date":314,"score":193,"percentile":315},"2025-12-17",0.77324,{"date":317,"score":193,"percentile":318},"2025-12-18",0.77341,{"date":320,"score":193,"percentile":321},"2025-12-19",0.77353,{"date":323,"score":193,"percentile":324},"2025-12-20",0.77346,{"date":326,"score":193,"percentile":327},"2025-12-21",0.77342,{"date":329,"score":193,"percentile":330},"2025-12-22",0.77339,{"date":332,"score":193,"percentile":318},"2025-12-23",{"date":334,"score":193,"percentile":335},"2025-12-24",0.77352,{"date":337,"score":193,"percentile":338},"2025-12-25",0.77368,{"date":340,"score":193,"percentile":341},"2025-12-26",0.77363,{"date":343,"score":193,"percentile":344},"2025-12-27",0.77411,{"date":346,"score":193,"percentile":347},"2025-12-28",0.7735,{"date":349,"score":193,"percentile":350},"2025-12-29",0.77347,{"date":352,"score":193,"percentile":353},"2025-12-30",0.77354,{"date":355,"score":193,"percentile":356},"2025-12-31",0.7737,{"date":358,"score":193,"percentile":359},"2026-01-01",0.77494,{"date":361,"score":193,"percentile":362},"2026-01-02",0.77495,{"date":364,"score":193,"percentile":359},"2026-01-03",{"date":366,"score":193,"percentile":367},"2026-01-04",0.77376,{"date":369,"score":193,"percentile":370},"2026-01-05",0.77369,{"date":372,"score":193,"percentile":373},"2026-01-06",0.77378,{"date":375,"score":193,"percentile":376},"2026-01-07",0.77386,{"date":378,"score":193,"percentile":379},"2026-01-08",0.77394,{"date":381,"score":193,"percentile":382},"2026-01-09",0.774,{"date":384,"score":193,"percentile":385},"2026-01-10",0.77399,{"date":387,"score":193,"percentile":379},"2026-01-11",{"date":389,"score":193,"percentile":390},"2026-01-12",0.77381,{"date":392,"score":193,"percentile":393},"2026-01-13",0.7738,{"date":395,"score":193,"percentile":396},"2026-01-14",0.77404,{"date":398,"score":193,"percentile":399},"2026-01-15",0.77408,{"date":401,"score":193,"percentile":402},"2026-01-16",0.77416,{"date":404,"score":193,"percentile":405},"2026-01-17",0.77418,{"date":407,"score":193,"percentile":408},"2026-01-18",0.77414,{"date":410,"score":193,"percentile":411},"2026-01-19",0.77409,{"date":413,"score":193,"percentile":414},"2026-01-20",0.77403,{"date":416,"score":193,"percentile":411},"2026-01-21",{"date":418,"score":193,"percentile":419},"2026-01-22",0.77415,{"date":421,"score":193,"percentile":422},"2026-01-23",0.77445,{"date":424,"score":193,"percentile":425},"2026-01-24",0.77456,{"date":427,"score":193,"percentile":428},"2026-01-25",0.77447,{"date":430,"score":193,"percentile":431},"2026-01-26",0.77443,{"date":433,"score":193,"percentile":434},"2026-01-27",0.77444,{"date":436,"score":193,"percentile":437},"2026-01-28",0.77449,{"date":439,"score":193,"percentile":434},"2026-01-29",{"date":441,"score":193,"percentile":437},"2026-01-30",{"date":443,"score":193,"percentile":437},"2026-01-31",{"date":445,"score":193,"percentile":446},"2026-02-01",0.7756,[448,458],{"source":61,"cvss_v2_0":449,"cvss_v3_0":9,"cvss_v3_1":454,"cvss_v4_0":9},{"baseScore":450,"baseSeverity":9,"vectorString":451,"impactScore":452,"exploitabilityScore":453},6,"AV:N/AC:M/Au:S/C:P/I:P/A:P",6.4,6.8,{"baseScore":59,"baseSeverity":455,"vectorString":62,"impactScore":456,"exploitabilityScore":457},"HIGH",9.8,3.1,{"source":68,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":459,"cvss_v4_0":9},{"baseScore":59,"baseSeverity":9,"vectorString":62,"impactScore":456,"exploitabilityScore":457},[461,473,483],{"ecosystem":9,"name":462,"vendor":463,"product":464,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":466},"activemq artemis","apache","activemq_artemis","a",[467],{"version":468,"is_range":469,"range_type":470,"version_start":9,"version_start_type":9,"version_end":471,"version_end_type":472,"fixed_in":9},"lt1.4.0",true,"cpe","1.4.0","excluding",{"ecosystem":474,"name":475,"vendor":476,"product":477,"cpe_part":9,"purl_type":478,"purl_namespace":476,"purl_name":477,"source":9,"versions":479},"Maven","org.apache.activemq:artemis-pom","org.apache.activemq","artemis-pom","maven",[480],{"version":481,"is_range":469,"range_type":482,"version_start":9,"version_start_type":9,"version_end":471,"version_end_type":472,"fixed_in":9},"lt1_4_0","ecosystem",{"ecosystem":9,"name":484,"vendor":485,"product":486,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":487},"jboss enterprise application platform","redhat","jboss_enterprise_application_platform",[488,490,492,494],{"version":489,"is_range":55,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0",{"version":491,"is_range":55,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.4.0",{"version":493,"is_range":55,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0.0",{"version":495,"is_range":55,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1.0"]