Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).

This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.1.

Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 24 Jun 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 18 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache hertzbeat
CPEs cpe:2.3:a:apache:hertzbeat:-:*:*:*:*:*:*:*
Vendors & Products Apache
Apache hertzbeat
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 Nov 2024 09:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Title Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
Weaknesses CWE-77
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-11-18T15:05:53.026Z

Reserved: 2024-08-31T02:52:51.360Z

Link: CVE-2024-45505

cve-icon Vulnrichment

Updated: 2024-11-18T09:03:37.993Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-18T09:15:05.870

Modified: 2025-06-24T16:23:59.003

Link: CVE-2024-45505

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.