Xuxiaoyu

**Name of the Vulnerable Software and Affected Versions** Apache EventMesh (incubating) versions 1.7.0 through 1.8.0 **Description** The issue is related to the deserialization of untrusted data in the rabbitmq-connector plugin module, allowing attackers to send controlled messages and execute remote code via rabbitmq messages. This can be exploited by attackers to execute arbitrary code. **Recommendations** For Apache EventMesh (incubating) versions 1.7.0 through 1.8.0, users can use the code under the master branch in the project repository to fix this issue. A new version with the fix is set to be released as soon as possible. As a temporary workaround, consider restricting access to the rabbitmq-connector plugin module to minimize the risk of exploitation.