SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.0.
Users are recommended to upgrade to version 1.6.0, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 23 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache hertzbeat |
|
CPEs | cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache hertzbeat |
|
Metrics |
cvssV3_1
|
Sat, 21 Sep 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue. | |
Title | Apache HertzBeat: RCE by snakeYaml deser load malicious xml | |
Weaknesses | CWE-502 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-09-21T09:30:15.295Z
Updated: 2024-09-23T15:23:37.578Z
Reserved: 2024-07-30T08:25:01.718Z
Link: CVE-2024-42323
Vulnrichment
Updated: 2024-09-21T13:05:19.173Z
NVD
Status : Awaiting Analysis
Published: 2024-09-21T10:15:06.160
Modified: 2024-11-21T09:33:52.577
Link: CVE-2024-42323
Redhat
No data.