GHSA-fj8f-56wc-q36r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fj8f-56wc-q36r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-fj8f-56wc-q36r/GHSA-fj8f-56wc-q36r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-fj8f-56wc-q36r
- Aliases
- Published
- 2023-07-17T09:30:23Z
- Modified
- 2023-11-07T05:23:59.010003Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
- Details
-
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and
remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, the new version is set to be released as soon as possible.
- Database specific
{ "nvd_published_at": "2023-07-17T08:15:09Z", "cwe_ids": [ "CWE-502" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-07-28T21:37:28Z" }- References
Affected packages
Maven / org.apache.eventmesh:eventmesh-connector-rabbitmq
Package
- Name
- org.apache.eventmesh:eventmesh-connector-rabbitmq
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.eventmesh/eventmesh-connector-rabbitmq