CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and
remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/zb1d62wh8o8pvntrnx4t1hj8vz0pm39p | Mailing List |
Configurations
Configuration 1 (hide)
AND |
|
History
27 Jul 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:apache:eventmesh:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Linux
Microsoft Apple Apple macos Linux linux Kernel Microsoft windows Apache Apache eventmesh |
|
References | (MISC) https://lists.apache.org/thread/zb1d62wh8o8pvntrnx4t1hj8vz0pm39p - Mailing List |
17 Jul 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-17 08:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-26512
Mitre link : CVE-2023-26512
CVE.ORG link : CVE-2023-26512
JSON object : View
Products Affected
microsoft
- windows
apple
- macos
linux
- linux_kernel
apache
- eventmesh
CWE
CWE-502
Deserialization of Untrusted Data