CVE-2023-51387
CVE-2023-51387 affects Hertzbeat before v1.4.1, where improper sanitization of alert expressions in the aviatorscript evaluation path allows a user with access to the alert define function to execute arbitrary commands on the Hertzbeat server. The root cause is input sanitization in alert express...