VYPR

RocketMQ

by Apache

CVEs (3)

  • CVE-2023-33246 | KEV | May 24, 2023
    risk 0.16 | cvss | epss 0.97

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification; an attacker can exploit…

  • CVE-2023-37582 | Jul 12, 2023
    risk 0.08 | cvss | epss 0.90

    The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this…

  • CVE-2024-23321 | Jul 22, 2024
    risk 0.00 | cvss | epss 0.01

    For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed…