Description
Hertzbeat is a real-time monitoring system. Its /define/yml interface uses SnakeYAML to parse yml content without applying any security configuration to the parser, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.
References
- Patch
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.4.1 (excluding)
cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.00654
Low
9.8 Critical
CVSS3
Weaknesses
CWE-502