{"schema_version": "1.6.1", "id": "CVE-2024-42323", "summary": "RCE by snakeYaml deser load malicious xml ", "details": "SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). \n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.0.\n\nUsers are recommended to upgrade to version 1.6.0, which fixes the issue.\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "1.6.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t"}, {"type": "WEB", "url": "https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx"}]}