Dromara Hertzbeat
6 CVEs affecting Dromara Hertzbeat. Latest disclosed: 2024-02-22. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-51653 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The… |
| CVE-2023-51389 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuratio… |
| CVE-2023-51388 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security p… |
| CVE-2023-51650 | High | 7.5 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulner… |
| CVE-2022-39337 | High | 7.5 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1… |
| CVE-2023-51387 | High | 7.2 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be… |