CVE-2024-56736: Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss
Description
Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat (incubating): before 1.7.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Classification
CVE ID: CVE-2024-56736
Problem Types
CWE-918 Server-Side Request Forgery (SSRF)Affected Products
Vendor: Apache Software Foundation
Product: Apache HertzBeat
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 5.75% (scored less or equal to compared to others)
EPSS Date: 2025-04-20 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-56736https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxntjy8rj1x
https://lists.apache.org/thread/lwfhsllos1rx9v8k0yhl252cbpqpn0sv