oss-sec mailing list archives

CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss

From: Chao Gong <gongchao () apache org>
Date: Wed, 16 Apr 2025 11:15:56 +0000

Severity: low

Affected versions:

- Apache HertzBeat (incubating) before 1.7.0

Description:

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat (incubating): before 1.7.0.

Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Credit:

tonghuaroot (finder)
zyufoye (finder)

References:

https://www.cve.org/CVERecord?id=CVE-2024-56736

Current thread:

CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong (Apr 16)