CVE-2023-26512
Description
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0, V1.8.0 on platforms such as Windows, Linux and macOS allows attackers to send controlled messages and execute code remotely via RabbitMQ messages. Users can use the code under the master branch in the project repo to fix this issue; we will release the new version as soon as possible.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.073
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2023-26512 affects Apache - eventmesh-connector-rabbitmq 1.8.0 | Windows |
| CVE-2023-26512 affects Apache - eventmesh-connector-rabbitmq for Linux 1.8.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234