CVE-2024-45505

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0	Mailing List Vendor Advisory
https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/16/4	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

History

24 Jun 2025, 16:23

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apache:hertzbeat::::::::
First Time		Apache hertzbeat Apache
References	~~() https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0 -~~	() https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0 - Mailing List, Vendor Advisory
References	~~() https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19 -~~	() https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19 - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2024/11/16/4 -~~	() http://www.openwall.com/lists/oss-security/2024/11/16/4 - Mailing List, Third Party Advisory

Information

Published : 2024-11-18 09:15

Updated : 2025-06-24 16:23

NVD link : CVE-2024-45505

Mitre link : CVE-2024-45505

CVE.ORG link : CVE-2024-45505

JSON object : View

Products Affected

apache

hertzbeat

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2024-45505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-18T09:15:05.870", "references": [{"url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/16/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('Inyecci\u00f3n de comandos') en Apache HertzBeat (en incubaci\u00f3n). Esta vulnerabilidad solo puede ser explotada por atacantes autorizados. Este problema afecta a Apache HertzBeat (en incubaci\u00f3n): versiones anteriores a la 1.6.1. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.6.1, que soluciona el problema."}], "lastModified": "2025-06-24T16:23:59.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31A840B0-6D88-40B3-8EFF-312BCE77DC0D", "versionEndExcluding": "1.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}