💉 CVE-2020-12760: RCE vulnerability via ActiveMQ

Security research Florian Hauser working at Code White reported a vulnerability via ActiveMQ Minion payload deserialization which has documented in NMS-12673:

This affects the following versions:

  • Horizon before 26.0.1
  • Meridian 2019 before 2019.1.6
  • Meridian 2018 before 2018.1.18
  • Meridian 2017 and earlier are not affected

We have fixed this issue in the following versions:

  • Horizon 26.0.1
  • Meridian 2019.1.6
  • Meridian 2018.1.18