VYPR

Maven package

org.apache.rocketmq/rocketmq-namesrv

pkg:maven/org.apache.rocketmq/rocketmq-namesrv

Vulnerabilities (2)

  • CVE-2023-37582Jul 12, 2023
    affected < 4.9.7fixed 4.9.7

    The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerab

  • CVE-2023-33246KEVMay 24, 2023
    affected >= 4.0.0, < 4.9.6fixed 4.9.6

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this