SnakeYaml Deserialization RCE Vulnerability in Apache HertzBeat (incubating)

CVE-2024-42323

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Hertzbeat
Vendor: CVE Published:; 21 September 2024

Summary

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).

This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0.

Users are recommended to upgrade to version 1.6.0, which fixes the issue.

Affected Version(s)

Apache HertzBeat < 1.6.0

References

https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1s...

vendor-advisory

https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom...

vendor-advisory

Timeline

Vulnerability published
Sep 21, 2024
Vulnerability Reserved
Jul 30, 2024

Collectors

NVD DatabaseMitre Database

Credit

Yulate

Liufeng Yi

.