Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-fj8f-56wc-q36r

GitHub Security Advisory

rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and

remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, the new version is set to be released as soon as possible.

Affected Packages

Maven org.apache.eventmesh:eventmesh-connector-rabbitmq
Affected versions: 1.7.0 (last affected: 1.8.0)

Related CVEs

CVE-2023-26512

Key Information

GHSA ID
GHSA-fj8f-56wc-q36r
Published
July 17, 2023 9:30 AM
Last Modified
July 28, 2023 9:37 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.eventmesh:eventmesh-connector-rabbitmq
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.