Dromara Hertzbeat

6 CVEs affecting Dromara Hertzbeat. Latest disclosed: 2024-02-22. Critical: 3, High: 3.

Top CVEs affecting Dromara Hertzbeat

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-51653 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The… |
| CVE-2023-51389 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuratio… |
| CVE-2023-51388 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security p… |
| CVE-2023-51650 | High | 7.5 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulner… |
| CVE-2022-39337 | High | 7.5 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1… |
| CVE-2023-51387 | High | 7.2 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be… |