oss-sec mailing list archives

CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities


From: Chao Gong <gongchao () apache org>
Date: Sat, 16 Nov 2024 09:42:48 +0000

Severity: moderate

Affected versions:

- Apache HertzBeat (incubating) before 1.6.1

Description:

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat 
(incubating).

This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.1.

Users are recommended to upgrade to version 1.6.1, which fixes the issue.

Credit:

Unam4 (finder)
Springkilll (finder)
yemoli (finder)
yulate (finder)

References:

https://www.cve.org/CVERecord?id=CVE-2024-45505


Current thread: