Apache Software Foundation Apache Hertzbeat vulnerabilities
6 known vulnerabilities affecting apache_software_foundation/apache_hertzbeat.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2026-24343 [HIGH] CVSS 8.8 | CWE-643 | ≥ 1.7.1, < 1.8.0 | 2026-02-10
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Sources: cvelistv5, nvd

CVE-2024-56736 [MEDIUM] CVSS 6.5 | CWE-918 | fixed in 1.7.0 | 2025-04-16
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat (incubating): before 1.7.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Sources: cvelistv5, nvd

CVE-2024-45505 [HIGH] CVSS 8.8 | CWE-77 | fixed in 1.6.1 | 2024-11-18
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Sources: cvelistv5, nvd

CVE-2024-41151 [HIGH] CVSS 8.8 | CWE-502 | fixed in 1.6.1 | 2024-11-18
Deserialization of Untrusted Data vulnerability in Apache HertzBeat.
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Sources: cvelistv5, nvd

CVE-2024-45791 [HIGH] CVSS 7.5 | CWE-200 | fixed in 1.6.1 | 2024-11-18
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, which fixes the issue.
Sources: cvelistv5, nvd

CVE-2024-42323 [HIGH] CVSS 8.8 | CWE-502 | fixed in 1.6.0 | 2024-09-21
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating).
This vulnerability can only be exploited by authorized attackers.
This issue affects Apache HertzBeat (incubating): before 1.6.0.
Users are recommended to upgrade to version 1.6.0, which fixes the issue.
Sources: cvelistv5, nvd