CVE-2024-42323 — HIGH (8.8)

Q: How severe is CVE-2024-42323?

CVE-2024-42323 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-42323?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Hertzbeat.

Vulnerability Description

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Hertzbeat	< 1.6.0

Related Weaknesses (CWE)

CWE-502

References

https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbxMailing ListVendor Advisory
https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63tMailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2024/09/21/1Mailing List

FAQ

What is CVE-2024-42323?

CVE-2024-42323 is a vulnerability with a CVSS score of 8.8 (HIGH). SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubati...

How severe is CVE-2024-42323?

CVE-2024-42323 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-42323?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Hertzbeat.