Lucene search
China National Vulnerability DatabaseCNVD-2023-70283HistoryJul 14, 2023 - 12:00 a.m.
Apache RocketMQ Code Injection Vulnerability
2023-07-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
apache rocketmq
code injection
vulnerability
extranet leak
privilege authentication
remote command execution
nameserver component
0.01 Low
EPSS
Percentile
84.1%
Apache RocketMQ is the United States Apache (Apache) Foundation of a lightweight data processing platform and messaging engine. Apache RocketMQ suffers from a code injection vulnerability that originates from an extranet leak of the NameServer address and lack of privilege authentication, which can be exploited by an attacker to cause remote command execution of the NameServer component.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache rocketmq >=5.0.0, | le | 5.1.1 | |
| apache rocketmq | le | 4.9.6 |
Related
githubexploit
githubexploit
Exploit for Code Injection in Apache Rocketmq
2023-07-14 12:22:45
cvelist
cvelist
cve
cve
CVE-2023-37582
2023-07-12 10:15:11
veracode
veracode
Arbitrary Code Injection
2023-07-21 10:22:11
nessus
nessus
Apache RocketMQ 4.2.0 < 4.6.1 Directory Traversal (CVE-2023-37582)
2023-11-10 00:00:00
Apache RocketMQ < 4.9.7 / 5.x < 5.1.2 RCE (CVE-2023-37582)
2023-11-10 00:00:00
osv
osv
RocketMQ NameServer component Code Injection vulnerability
2023-07-12 12:31:36
CVE-2023-37582
2023-07-12 10:15:11
nvd
nvd
CVE-2023-37582
2023-07-12 10:15:11
prion
prion
Design/Logic Flaw
2023-07-12 10:15:00
github
github
RocketMQ NameServer component Code Injection vulnerability
2023-07-12 12:31:36