← Zuruck zu CVEs
CVE-2024-39954
MEDIUM6.3
Beschreibung
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
CVE Details
CVSS v3.1 Bewertung6.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht8/20/2025
Zuletzt geandert8/21/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apache:eventmesh
Schwachen (CWE)
CWE-918
Referenzen
https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon(security@apache.org)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.