exploitDog

CVE-2024-56736

Опубликовано: 16 апр. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat (incubating): before 1.7.0.

Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Ссылки

https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxntjy8rj1x
Mailing List
Vendor Advisory
https://lists.apache.org/thread/lwfhsllos1rx9v8k0yhl252cbpqpn0sv
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/04/16/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

Версия до 1.7.0 (исключая)

EPSS

Процентиль: 25%

0.00085

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-gj7g-7f7f-wjr5

CVSS3: 6.5

github

10 месяцев назад

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

EPSS

Процентиль: 25%

0.00085

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918