What is CVE-2024-42323?

CVE-2024-42323 is a vulnerability in Apache Software Foundation Hertzbeat, classified under Deserialization of Untrusted Data. Published 2024-09-21.

Is CVE-2024-42323 known to be exploited?

20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Apache Software Foundation Hertzbeat

CVE-2024-42323

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommend…

Vulnerability class: Insecure Deserialization

EPSS: 0.756 (98.9th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Hertzbeat — versions 0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

References

lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t (vendor-advisory)
lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx (vendor-advisory)

Frequently asked questions

What is CVE-2024-42323?: CVE-2024-42323 is a vulnerability in Apache Software Foundation Hertzbeat, classified under Deserialization of Untrusted Data. Published 2024-09-21.
Is CVE-2024-42323 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.