CVE-2024-39954: Apache EventMesh Runtime: SSRF
oss-sec: CVE-2024-39954: Apache EventMesh Runtime: SSRF
Posted by Xue Weiming on Jun 29 Severity: low
Affected versions:
- Apache EventMesh Runtime (org.apache.eventmesh:eventmesh-runtime) 1.6.0 through 1.11.0
Description:
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g.
allows the attacker can abuse functionality on the server to read or update internal resources.
Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes...
seclists.org
June 30, 2025 at 3:46 AM
Everybody can reply
Apache EventMesh 1.11 is now available for download.
EventMesh is a new generation serverless event middleware for building distributed event-driven applications.
To download: https://buff.ly/3Q6TruQ #opensource
EventMesh is a new generation serverless event middleware for building distributed event-driven applications.
To download: https://buff.ly/3Q6TruQ #opensource
February 4, 2025 at 1:45 AM
Everybody can reply
1 reposts
3 likes
CVE-2024-56180 - Apache EventMesh Hessian Deserialization Remote Code Execution Vulnerability
CVE ID : CVE-2024-56180
Published : Feb. 14, 2025, 2:15 p.m. | 25 minutes ago
Description : CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in...
CVE ID : CVE-2024-56180
Published : Feb. 14, 2025, 2:15 p.m. | 25 minutes ago
Description : CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in...
CVE-2024-56180 - Apache EventMesh Hessian Deserialization Remote Code Execution Vulnerability
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users can use the code under the master branch in project repo …
cvefeed.io
February 14, 2025 at 4:39 PM
Everybody can reply
1 reposts
1 likes
CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
oss-sec: CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
Posted by Xue Weiming on Feb 14 Severity: moderate
Affected versions:
- Apache EventMesh unaffected
Description:
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch
without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote
code execute via hessian deserialization rpc protocol. Users can use the code under the master branch in project repo
or...
seclists.org
February 14, 2025 at 3:04 PM
Everybody can reply
1 likes
Another day, another podcast show recording. Happy that @jpenninkhof.bsky.social could join yesterday to talk with #Solace on #EventMesh.
Also happy that the cable mess could be hidden under the table 😃
Also happy that the cable mess could be hidden under the table 😃
January 24, 2025 at 9:20 AM
Everybody can reply
2 likes
Apache EventMesh Runtime: SSRFCWE-918 Server-Side Request Forgery (SSRF) in e... CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e...
Origin | Interest | Match
Origin | Interest | Match
Establishing a secure connection ...
cve.threatint.eu
August 20, 2025 at 10:26 AM
Everybody can reply
ID: CVE-2024-56180
CVSS N/A
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled...
#security #infosec #cve-alert
CVSS N/A
CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled...
#security #infosec #cve-alert
nvd.nist.gov
February 14, 2025 at 2:15 PM
Everybody can reply
Full house for todays #SAP #CodeJam on #SAPBTP #eventmesh hosted by Antonio from the developer advocates.
January 22, 2025 at 9:17 AM
Everybody can reply
6 likes
Real-Time Revolution: Exploring the future of Event Mesh with #Solace and #SAP, a new #hanacafeNL episode of @jpenninkhof.bsky.social covered last week's user group event.
📺 www.youtube.com/watch?v=0xHh...
🎙 open.spotify.com/episode/06SJ...
#SAPCommunity #SAPBTP #EventMesh
📺 www.youtube.com/watch?v=0xHh...
🎙 open.spotify.com/episode/06SJ...
#SAPCommunity #SAPBTP #EventMesh
Real-Time Revolution: Exploring the future of Event Mesh with Solace and SAP (S10E01)
YouTube video by Twan van den Broek
www.youtube.com
January 27, 2025 at 9:15 AM
Everybody can reply
1 reposts
2 likes