Products
Apache HertzBeat (incubating)
- before 1.6.0
Source
security@apache.org
Tags
CVE-2024-42323 details
Published : Sept. 21, 2024, 10:15 a.m.
Last Modified : Sept. 21, 2024, 10:15 a.m.
Last Modified : Sept. 21, 2024, 10:15 a.m.
Description
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-502 | Deserialization of Untrusted Data | The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
References
| URL | Source |
|---|---|
| https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx | security@apache.org |
| https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t | security@apache.org |
This website uses the NVD API, but is not approved or certified by it.