Springkill

**Name of the Vulnerable Software and Affected Versions** Apache HertzBeat versions prior to 1.7.0 **Description** An XML injection Remote Code Execution (RCE) vulnerability exists in Apache HertzBeat due to parsing of HTTP sitemap XML responses. An attacker with an authenticated account and access can trigger the vulnerability by adding a monitor that parses XML and returns specially crafted content. **Recommendations** Upgrade to version 1.7.0.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 2.10.2 **Description** The issue allows attackers to forge JWT and take over services due to the JWT secret being hardcoded in the code. Additionally, the UID and OID are also hardcoded. This has been fixed in version 2.10.2. **Recommendations** For versions prior to 2.10.2, update to version 2.10.2 to resolve the issue. As a temporary workaround, consider restricting access to services that use the hardcoded JWT secret until the update is applied.

**Name of the Vulnerable Software and Affected Versions** sofahessian versions prior to 3.5.5 **Description** The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. However, there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. **Recommendations** To resolve the issue, upgrade to sofahessian version 3.5.5. For users unable to upgrade, maintain a blacklist in the directory `external/serialize.blacklist` as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 1.18.25 **Description** DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the PgConfiguration class in backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java does not filter any parameters and directly concatenates user input. This allows an attacker to add parameters to the JDBC URL and connect to a malicious PG server, triggering the PG JDBC deserialization vulnerability. The attacker can then execute system commands and obtain server privileges through the deserialization vulnerability. **Recommendations** For versions prior to 1.18.25, update to version 1.18.25 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the PostgreSQL data source function to minimize the risk of exploitation. Avoid using customized JDBC connection parameters and PG server targets until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** y project RuoYi versions up to 4.7.7 **Description** A vulnerability was found in the function `filterKeyword`. The manipulation of the argument `value` leads to resource consumption. **Recommendations** For versions up to 4.7.7, consider disabling the `filterKeyword` function until a patch is available to prevent resource consumption due to argument manipulation.