CVE-2023-37582

CWE-94 — Code Injection9 documents9 sources

Severity

9.8CRITICAL

EPSS

94.0%

top 0.11%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apache Software Foundation Apache Rocketmq Apache Rocketmq

Timeline

PublishedJul 12

Latest updateOct 27

Description

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 o…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.rocketmq:rocketmq-namesrv5.0.0 — 5.1.2+1

▶NVDapache/rocketmq5.0.0 — 5.1.1+1

▶CVEListV5apache_software_foundation/apache_rocketmq5.0.0 — 5.1.1+1

Patches

Patch: www.openwall.com ↗Patch: lists.apache.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

RocketMQ NameServer component Code Injection vulnerability↗2023-07-12

▶

CVEList

Apache RocketMQ: Possible remote code execution when using the update configuration function↗2023-07-12

▶

OSV

RocketMQ NameServer component Code Injection vulnerability↗2023-07-12

▶

VulnCheck

Apache rocketmq Improper Control of Generation of Code ('Code Injection')↗2023

▶

💥Exploits & PoCs

Nuclei

Apache RocketMQ - Remote Command Execution

▶

🔍Detection Rules

Suricata

ET EXPLOIT Apache RocketMQ Nameserver Arbitrary File Write (CVE-2023-37582)↗2025-10-27

▶

🕵️Threat Intelligence

Wiz

Crying Out Cloud - February Newsletter | Wiz↗2024-02-01

▶

Bleepingcomputer

Hackers target Apache RocketMQ servers vulnerable to RCE attacks↗2024-01-05

▶