2 matches found
GHSA-GPQ8-963W-8QC9 RocketMQ NameServer component Code Injection vulnerability
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
org.apache.rocketmq:rocketmq-container (>=5.0.0 <=5.1.0), org.apache.rocketmq:rocketmq-dashboard (=2.0.0) +2 more potentially affected by CVE-2023-33246 via org.apache.rocketmq:rocketmq-broker (>=5.0.0 <=5.1.0)
org.apache.rocketmq:rocketmq-broker MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0 Source cves: CVE-2023-33246 Source advisory: OSV:GHSA-X3CQ-8F32-5F63...