Hummerrisk: >> Hummerrisk >> 0.3.1 Security Vulnerabilities
HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-08
An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-01-16