CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
80.4%
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and
remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, the new version is set to be released as soon as possible.
Vendor | Product | Version | CPE |
---|---|---|---|
org.apache.eventmesh | eventmesh-connector-rabbitmq | * | cpe:2.3:a:org.apache.eventmesh:eventmesh-connector-rabbitmq:*:*:*:*:*:*:*:* |