What is CVE-2023-37582?

CVE-2023-37582 is a vulnerability in Apache Software Foundation Rocketmq, classified under Code Injection. Published 2023-07-12.

Is CVE-2023-37582 known to be exploited?

20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Software Foundation Rocketmq

CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verificati…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.940 (99.9th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Rocketmq — versions 5.0.0, 0

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc (vendor-advisory)
www.openwall.com/lists/oss-security/2023/07/12/1

Frequently asked questions

What is CVE-2023-37582?: CVE-2023-37582 is a vulnerability in Apache Software Foundation Rocketmq, classified under Code Injection. Published 2023-07-12.
Is CVE-2023-37582 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.