SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.0.
Users are recommended to upgrade to version 1.6.0, which fixes the issue.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx | Mailing List Vendor Advisory |
https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/09/21/1 | Mailing List |
Configurations
History
01 Jul 2025, 20:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx - Mailing List, Vendor Advisory | |
References | () https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t - Mailing List, Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/09/21/1 - Mailing List | |
First Time |
Apache
Apache hertzbeat |
|
CPE | cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:* |
21 Nov 2024, 09:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
21 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-21 10:15
Updated : 2025-07-01 20:27
NVD link : CVE-2024-42323
Mitre link : CVE-2024-42323
CVE.ORG link : CVE-2024-42323
JSON object : View
Products Affected
apache
- hertzbeat
CWE
CWE-502
Deserialization of Untrusted Data