Maven package
org.apache.rocketmq/rocketmq-namesrv
pkg:maven/org.apache.rocketmq/rocketmq-namesrv
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37582 | — | < 4.9.7 | 4.9.7 | Jul 12, 2023 | The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerab | ||
| CVE-2023-33246 | — | KEV | >= 4.0.0, < 4.9.6 | 4.9.6 | May 24, 2023 | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this |
- CVE-2023-37582Jul 12, 2023affected < 4.9.7fixed 4.9.7
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerab
- affected >= 4.0.0, < 4.9.6fixed 4.9.6
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this