CVE-2023-51389
Published 2024-02-22
Priority: P3 53 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.29% (66.7th percentile)
Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hertzbeat | < 1.4.1 | 1.4.1 |
| dromara | hertzbeat | < 1.4.1 | 1.4.1 |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/dromara/hertzbeat/commit/97c3f14446d1c96d1fc993df111684926b6cce17
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rmvr-9p5x-mm96
2024-02-22
Published