CVE-2024-45505

CVE-2024-45505: Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities

Vendor Apache Software Foundation

Product Apache HertzBeat

Weakness CWE-77

Published November 18, 2024

Last update November 18, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

Key dates

Disclosure timeline

November 18, 2024 CVE published

November 18, 2024 Record updated