PT-2025-27409 · Apache · Apache Eventmesh

Published: 2025-06-30 · Updated: 2025-08-20 · CVE-2024-39954

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Apache EventMesh versions prior to 1.12.0
Description: This issue is a Server-Side Request Forgery (SSRF) within the eventmesh-runtime module, specifically in the WebhookUtil.java file, affecting Windows, Linux, and macOS operating systems. The flaw allows an attacker to exploit server functionality to read or update internal resources. SSRF occurs when a server processes user-supplied data in a way that causes it to make requests to unintended locations.
Recommendations: Upgrade to version 1.12.0 or use the master branch to resolve this issue.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-39954
GHSA-HF86-8X8V-H7VC

Affected Products

Apache Eventmesh