History: Jul 17, 2023 - 7:16 a.m.

CVE-2023-26512 Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data

2023-07-17 07:16:12
CWE-502
apache
www.cve.org

AI Score: 9.7

Confidence: High

EPSS: 0.007

Percentile: 80.4%

CWE-502 Deserialization of Untrusted Data in the rabbitmq-connector plugin module of Apache EventMesh (incubating) V1.7.0/V1.8.0 on platforms such as Windows, Linux and macOS allows attackers to send a controlled message and execute code remotely via RabbitMQ messages. Users can use the code under the master branch in the project repo to fix this issue; we will release the new version as soon as possible.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache EventMesh (incubating) RabbitMQ connector",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.8.0",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "maven"
      }
    ]
  }
]
