8.8
CVE-2024-42323
- EPSS 4.05%
- Veröffentlicht 21.09.2024 10:15:06
- Zuletzt bearbeitet 01.07.2025 20:27:42
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache HertzBeat: RCE by snakeYaml deser load malicious xml
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.05% | 0.894 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx
https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t
http://www.openwall.com/lists/oss-security/2024/09/21/1