Maven package
org.apache.rocketmq/rocketmq-broker
pkg:maven/org.apache.rocketmq/rocketmq-broker
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-33246 | — | | KEV | >= 5.0.0, < 5.1.1 | 5.1.1 | May 24, 2023 | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this |
| CVE-2019-17572 | — | | | >= 4.2.0, < 4.6.1 | 4.6.1 | May 14, 2020 | In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a d |