{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T07:37:11.819","vulnerabilities":[{"cve":{"id":"CVE-2023-51389","sourceIdentifier":"security-advisories@github.com","published":"2024-02-22T16:15:53.623","lastModified":"2025-01-16T19:08:36.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability."},{"lang":"es","value":"Hertzbeat es un sistema de monitorización en tiempo real. En la interfaz de `/define/yml`, SnakeYAML se usa como analizador para analizar el contenido yml, pero no se usa ninguna configuración de seguridad, lo que genera una vulnerabilidad de deserialización de YAML. La versión 1.4.1 corrige esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.1","matchCriteriaId":"0B4E8400-424B-4FCB-81C8-5D559B146130"}]}]}],"references":[{"url":"https://github.com/dromara/hertzbeat/commit/97c3f14446d1c96d1fc993df111684926b6cce17","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/dromara/hertzbeat/security/advisories/GHSA-rmvr-9p5x-mm96","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/dromara/hertzbeat/commit/97c3f14446d1c96d1fc993df111684926b6cce17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/dromara/hertzbeat/security/advisories/GHSA-rmvr-9p5x-mm96","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}