In fact, the arbitrary file write vulnerability (CVE-2023-37582) in Apache RocketMQ was already addressed as part of the fix for the CVE-2023-33246 RCE vulnerability. However, the fix provided for CVE-2023-33246 is not comprehensive, as it only resolves the impact on RocketMQ's broker. CVE-2023-37582 affects RocketMQ's nameserver, and exploiting it allows arbitrary file writes.