PT-2026-7141 · Apache · Apache Hertzbeat
Qingran Zhao
·
Publicado
2026-02-09
·
Atualizado
2026-02-11
·
CVE-2026-24343
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache HertzBeat versions 1.7.1 through 1.7.9
Description
An issue exists in Apache HertzBeat related to improper neutralization of data within XPath expressions, potentially leading to XPath Injection. This could allow for crafted XPath expressions to cause uncontrolled resource consumption.
Recommendations
Upgrade to version 1.8.0 to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Hertzbeat