GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5

Critical EPSS: 0.00073% (0.22855 Percentile) EPSS:

Permalink JSON

rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message

Affected Packages	Affected Versions	Fixed Versions
maven:org.apache.eventmesh:eventmesh-connector-rabbitmq	>= 1.7.0, <= 1.8.0	No known fixed version
0 Dependent packages 0 Dependent repositories Affected Version Ranges All affected versions

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and

remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, the new version is set to be released as soon as possible.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-26512
https://lists.apache.org/thread/zb1d62wh8o8pvntrnx4t1hj8vz0pm39p
https://github.com/advisories/GHSA-fj8f-56wc-q36r

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5

rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message

Affected Version Ranges

All affected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API