41 matches found
CVE-2024-39954
CWE-918 Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which...
EUVD-2024-54889
Malicious code in bioql PyPI...
EUVD-2023-2049
Malicious code in bioql PyPI...
EUVD-2024-52999
Malicious code in bioql PyPI...
Server-Side Request Forgery (SSRF)
org.apache.eventmesh:eventmesh-runtime is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs due to unsafe handling in the eventmesh-runtime module WebhookUtil.java, allowing attackers to read or update internal resources...
Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java
Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...
GHSA-HF86-8X8V-H7VC Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java
Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...
CVE-2024-39954
CWE-918 Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which...
CVE-2024-39954
CWE-918 Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which...
CVE-2024-39954
CVE-2024-39954 refers to a Server-Side Request Forgery (SSRF) in the Apache EventMesh project, specifically in the eventmesh-runtime module’s WebhookUtil.java. The vulnerability affects the WebhookUtil.java functionality that could allow an attacker to read or modify internal resources on affecte...
CVE-2024-39954 Apache EventMesh Runtime: SSRF
CWE-918 Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which...
CVE-2024-39954 Apache EventMesh Runtime: SSRF
CWE-918 Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which...
Apache EventMesh 安全漏洞
Apache EventMesh is a new generation of serverless event middleware from the Apache Foundation for building distributed event-driven applications. A security vulnerability exists in Apache EventMesh, which stems from a server-side request forgery vulnerability in WebhookUtil.java that could resul...
PT-2025-34179
Name of the Vulnerable Software and Affected Versions nbconvert versions up to and including 7.16.6 Description The nbconvert tool, used for converting Jupyter notebooks to various formats, has an issue on Windows systems. Converting a notebook with SVG output to PDF can lead to unauthorized code...
Linux Distros Unpatched Vulnerability : CVE-2024-56180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\ma...
PT-2025-27409 · Apache · Apache Eventmesh
Name of the Vulnerable Software and Affected Versions: Apache EventMesh versions prior to 1.12.0 Description: This issue is a Server-Side Request Forgery SSRF within the eventmesh-runtime module, specifically in the WebhookUtil.java file, affecting Windows, Linux, and macOS operating systems. The...
CVE-2023-26512
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...
Apache EventMesh deserialization vulnerability (CNVD-2025-05699)
Apache EventMesh is the United States Apache Apache Foundation's new generation of serverless event middleware for building distributed event-driven applications. Apache EventMesh versions prior to 1.11.0 have a deserialization vulnerability that arises from unsafe deserialization of serialized...
CVE-2024-56180
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...
Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users c...