Dromara HertzBeat 1.4.1
Approved changes feed: RSS · Atom
cpe:2.3:a:dromara:hertzbeat:1.4.1:*:*:*:*:*:*:*
part: a version: 1.4.1 update: *
| Vendor | Dromara (b947c778-a342-54de-aeca-3412ce9a5af8) |
|---|---|
| Product | Hertzbeat (46ebb008-266f-52d8-83f0-ebddd2618901) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/dromara/hertzbeat |
purl2cpe | 2026-06-01 10:16:59.812125 |
pkg:gitee/dromara/hertzbeat |
purl2cpe | 2026-06-01 10:16:59.812126 |
pkg:github/dromara/hertzbeat |
purl2cpe | 2026-06-01 10:16:59.812128 |
pkg:sourceforge/hertzbeat.mirror |
purl2cpe | 2026-06-01 10:16:59.812129 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-51653 |
vulnerable | 2026-06-08 06:17:53.680993 |
Hertzbeat JMX JNDI RCE
CRITICAL (9.8)
Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.
Published: 2024-02-22T15:39:49.280Z
Updated: 2025-04-22T16:19:23.604Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.