Apache: >> Hertzbeat >> 1.4.1 Security Vulnerabilities
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat (incubating): before 1.7.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-16
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-08-20
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-08-20