3 matches found
CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
GHSA-GPQ8-963W-8QC9 RocketMQ NameServer component Code Injection vulnerability
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
org.apache.rocketmq:rocketmq-dashboard (=2.0.0), org.apache.rocketmq:rocketmq-namesrv (>=5.0.0 <=5.1.0) +1 more potentially affected by CVE-2023-33246 via org.apache.rocketmq:rocketmq-controller (>=5.0.0 <=5.1.0)
org.apache.rocketmq:rocketmq-controller MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.1.0 Source cves: CVE-2023-33246 Source advisory: OSV:GHSA-X3CQ-8F32-5F63...