CRITICAL🇵🇱 Wersja polska

CVE-2023-51389

CVSS 9.8v3.1pub. 2024-02-22upd. 2025-01-16

Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.

🤖 AI Analysis
How it works

The `/define/yml` endpoint accepts YAML data and passes it to the SnakeYAML parser without applying any security mechanisms, such as restricting allowed types. An attacker can provide a crafted YAML payload containing references to unsafe Java classes, whose initialization during deserialization leads to arbitrary code execution. The vulnerability is accessible over the network without requiring authentication and without user interaction.

Impact

An attacker can gain full control over the server, including executing arbitrary system commands, reading or modifying data, and causing service unavailability.

Mitigation & patch

Apache Hertzbeat should be updated to version 1.4.1, which eliminates the vulnerability by applying secure SnakeYAML parser configuration.

Who is affected

Apache Hertzbeat in versions earlier than 1.4.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Hertzbeat

    APP
    Apache
    < 1.4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2023-51653CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — JNDI injection RCE przez endpoint JMX

CVE-2023-51388CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — script injection via AviatorEvaluator (RCE)

CVE-2026-24343HIGH8.8ten sam produkt

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat...

CVE-2025-24404HIGH8.8ten sam produkt

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attack...

CVE-2025-48208HIGH8.8ten sam produkt

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache H...