{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45505", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-08-31T02:52:51.360Z", "datePublished": "2024-11-18T08:44:46.165Z", "dateUpdated": "2024-11-18T15:05:53.026Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache HertzBeat", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.6.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Unam4"}, {"lang": "en", "type": "finder", "value": "Springkilll"}, {"lang": "en", "type": "finder", "value": "yemoli"}, {"lang": "en", "type": "finder", "value": "yulate"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).</p>This vulnerability can only be exploited by authorized attackers.<br><p>This issue affects Apache HertzBeat (incubating): before 1.6.1.</p><p>Users are recommended to upgrade to version 1.6.1, which fixes the issue.</p>"}], "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-11-18T08:44:46.165Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/16/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-18T09:03:37.993Z"}}, {"affected": [{"vendor": "apache", "product": "hertzbeat", "cpes": ["cpe:2.3:a:apache:hertzbeat:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.6.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-18T15:05:15.319201Z", "id": "CVE-2024-45505", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T15:05:53.026Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/16/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-18T09:03:37.993Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-18T15:05:15.319201Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:hertzbeat:-:*:*:*:*:*:*:*"], "vendor": "apache", "product": "hertzbeat", "versions": [{"status": "affected", "version": "0", "lessThan": "1.6.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T15:05:48.808Z"}}], "cna": {"title": "Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Unam4"}, {"lang": "en", "type": "finder", "value": "Springkilll"}, {"lang": "en", "type": "finder", "value": "yemoli"}, {"lang": "en", "type": "finder", "value": "yulate"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache HertzBeat", "versions": [{"status": "affected", "version": "0", "lessThan": "1.6.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).</p>This vulnerability can only be exploited by authorized attackers.<br><p>This issue affects Apache HertzBeat (incubating): before 1.6.1.</p><p>Users are recommended to upgrade to version 1.6.1, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-11-18T08:44:46.165Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45505", "state": "PUBLISHED", "dateUpdated": "2024-11-18T15:05:53.026Z", "dateReserved": "2024-08-31T02:52:51.360Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-11-18T08:44:46.165Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A840B0-6D88-40B3-8EFF-312BCE77DC0D", "versionEndExcluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('Inyecci\u00f3n de comandos') en Apache HertzBeat (en incubaci\u00f3n). Esta vulnerabilidad solo puede ser explotada por atacantes autorizados. Este problema afecta a Apache HertzBeat (en incubaci\u00f3n): versiones anteriores a la 1.6.1. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.6.1, que soluciona el problema."}], "id": "CVE-2024-45505", "lastModified": "2025-06-24T16:23:59.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-18T09:15:05.870", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/11/16/4"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{}