4 matches found
Arbitrary Code Injection
org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
Apache RocketMQ may have remote code execution vulnerability when using update configuration function
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
Apache RocketMQ update config RCE
RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...