VYPR

Maven package

org.apache.rocketmq/rocketmq-broker

pkg:maven/org.apache.rocketmq/rocketmq-broker

Vulnerabilities (2)

  • CVE-2023-33246 | KEV | May 24, 2023
    affected >= 5.0.0, < 5.1.1 | fixed 5.1.1

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this

  • CVE-2019-17572 | May 14, 2020
    affected >= 4.2.0, < 4.6.1 | fixed 4.6.1

    In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a d