CVE-2024-41151

CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability

Vendor Apache Software Foundation

Product Apache HertzBeat

Weakness CWE-502 · Unsafe deserialization

Published November 18, 2024

Last update November 18, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

Key dates

Disclosure timeline

November 18, 2024 CVE published

November 18, 2024 Record updated