CNNVD-202508-2505 Information

CNNVD ID

CNNVD-202508-2505

Related CVE

CVE-2024-39954

• CNNVD Published: 2025-08-20

Description (Chinese)

Apache EventMesh是美国阿帕奇（Apache）基金会的新一代无服务器事件中间件，用于构建分布式事件驱动应用程序。 Apache EventMesh存在安全漏洞，该漏洞源于WebhookUtil.java中存在服务端请求伪造漏洞，可能导致读取或更新内部资源。

Description (English)

Apache EventMesh is the middle of the new generation of non-server events of the Apache Foundation in the United States for the construction of distributed event driven applications. There is a security loophole in Apache EventMesh, which stems from a false gap in the service-level request in WebbrookUtil.java, which may lead to reading or updating internal resources.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-08-20

Last Modified

2026-02-24

References

https://lists.apache.org/thread/v6c96zygqx8xc2k3n2d59mgnm5txhkon https://nvd.nist.gov/vuln/detail/CVE-2024-39954

Patch

https://eventmesh.apache.org/