apache/rocketmq: The latest CVE Vulnerabilities and Exploits for Penetration Test
apache/rocketmq Vulnerability Summary Vendor name: apache Product name: rocketmq Total vulnerabilities: 1 (as 2023-05-04) apache/rocketmq Vulnerability List CVE-2019-17572: In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on… Published: 2020-05-14T17:15:00 Last Modified: 2020-05-15T18:17:00
Summary
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability.