Apache RocketMQ is a cloud native messaging and streaming platform, making it simple to build event-driven applications.
21.31k
stars
11.72k
forks
source link
Some of the components introduced in rocketmq have some vulnerabilities. #7127
Closed
wzTestAI closed 3 months ago
Before Creating the Bug Report
[X] I found a bug, not just asking a question, which should be created in GitHub Discussions.
[X] I have searched the GitHub Issues and GitHub Discussions of this repository and believe that this is not a duplicate.
[X] I have confirmed that this bug belongs to the current repository, not other repositories of RocketMQ.
Runtime platform environment
NA
RocketMQ version
4.9.6 & 4.9.7
JDK Version
No response
Describe the Bug
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">
组件 | 漏洞编码 -- | -- apache tomcat-8.5.46 | CVE-2013-4286 CVE-2016-9775 CVE-2019-12418 CVE-2019-17563 CVE-2019-2684 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 CVE-2020-13943 CVE-2020-17527 CVE-2020-1935 CVE-2020-1938 CVE-2020-9484 CVE-2021-24122 CVE-2021-25122 CVE-2021-25329 CVE-2021-30639 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 CVE-2021-42340 CVE-2021-43980 CVE-2022-23181 CVE-2022-25762 CVE-2022-29885 CVE-2022-34305 CVE-2022-42252 CVE-2022-45143 CVE-2023-24998 CVE-2023-28708 netty-4.1.65.final | CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-24823 CVE-2022-41881 CVE-2022-41915 CVE-2023-34462 guava-31.0.1 | CVE-2023-2976 okio-2.8.0 | CVE-2023-3635 the legion of the bouncy castle-1.69 | CVE-2023-33201