CVE-2024-42323

CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml

Vendor: Apache Software Foundation
Product: Apache HertzBeat
Weakness: CWE-502 · Unsafe deserialization
Published: September 21, 2024
Last update: September 23, 2024

CVSS base score

What the vulnerability does

Description

SnakeYaml deserialization of malicious XML leads to a remote code execution (RCE) vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.

Key dates

Disclosure timeline

September 21, 2024: CVE published
September 23, 2024: Record updated