漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache HertzBeat (incubating): RCE by parse http sitemap xml response
Vulnerability Description
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and add monitor parsed by xml, returned special content can trigger the XML parsing vulnerability. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
XML注入(XPath盲注)
Vulnerability Title
Apache HertzBeat 安全漏洞
Vulnerability Description
Apache HertzBeat是美国阿帕奇(Apache)公司的一个可以监控各种组件的工具。 Apache HertzBeat 1.7.0之前版本存在安全漏洞,该漏洞源于XML解析漏洞,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A