Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

hertzbeat — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in hertzbeat, with AI-generated Chinese analysis, references, and POCs.

Vendor: dromara

CVE IDTitleCVSSSeverityPublished
CVE-2024-42362 GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import CWE-502 8.8 High2024-08-20
CVE-2024-42361 GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull} CWE-89 7.5 High2024-08-20
CVE-2023-51389 HertzBeat SnakeYAML Deser RCE CWE-502 9.8 Critical2024-02-22
CVE-2023-51388 HertzBeat AviatorScript Inject RCE CWE-74 9.8 Critical2024-02-22
CVE-2023-51653 Hertzbeat JMX JNDI RCE CWE-74 9.8 Critical2024-02-22
CVE-2023-51650 Unauthorized access vulnerability on three interfaces CWE-862 7.5 High2023-12-22
CVE-2023-51387 Expression Injection Vulnerability in Hertzbeat CWE-94 7.2 High2023-12-22
CVE-2022-39337 Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat CWE-284 7.5 High2023-12-22

All 8 known CVE vulnerabilities affecting hertzbeat with full Chinese analysis, references, and POCs where available.