CVE-2024-23321
- EPSS 0.11%
- Published 22.07.2024 10:15:02
- Last modified 13.02.2025 18:17:02
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regul...
CVE-2023-37582
- EPSS 88.54%
- Published 12.07.2023 10:15:11
- Last modified 23.04.2025 17:16:33
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an atta...
CVE-2023-33246
- EPSS 94.39%
- Published 24.05.2023 15:15:09
- Last modified 06.03.2025 19:48:51
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification,...
CVE-2019-17572
- EPSS 1.55%
- Published 14.05.2020 17:15:11
- Last modified 21.11.2024 04:32:33
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default and an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory ...