Description
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
References
https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat/
https://github.com/apache/hertzbeat/pull/1611
https://github.com/apache/hertzbeat/pull/1620
https://github.com/apache/hertzbeat/commit/79f5408e345e8e89da97be05f43e3204a950ddfb
https://github.com/apache/hertzbeat/commit/9dbbfb7812fc4440ba72bdee66799edd519d06bb