Home > Vulnerability Database > CVE-2023-26512

Mend.io Vulnerability Database

CVE-2023-26512

Good to know:

Date: July 17, 2023

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.

Language: Java

Severity Score

9.8

Related Resources (5)

Url: https://seclists.org/oss-sec/2023/q3/40

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-26512

Url: https://github.com/apache/eventmesh/commit/b2885b20a4fb7c0fc03430eeafb9e2a524675d24

Url: https://lists.apache.org/thread/zb1d62wh8o8pvntrnx4t1hj8vz0pm39p

Url: https://www.mend.io/vulnerability-database/CVE-2023-26512

Severity Score

9.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version org.apache.eventmesh:eventmesh-connector-rabbitmq:1.10.0-release

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-26512

Good to know:

Date: July 17, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?