Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5

rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and

remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, the new version is set to be released as soon as possible.

Permalink: https://github.com/advisories/GHSA-fj8f-56wc-q36r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00695
EPSS Percentile: 0.80827

Identifiers: GHSA-fj8f-56wc-q36r, CVE-2023-26512
References: Blast Radius: 1.0

Affected Packages

maven:org.apache.eventmesh:eventmesh-connector-rabbitmq
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 1.7.0, <= 1.8.0
No known fixed version
All affected versions: