Apache RocketMQ Issues Critical Security Alert

According to SlowMist, Apache RocketMQ issued a serious security alert on July 12, disclosing a remote command execution vulnerability (CVE-2023-37582). At present, the PoC is public on the Internet, and there have been attack cases. Apache RocketMQ is an open source distributed message and stream processing platform that provides efficient, reliable, and scalable low-latency message and stream data processing capabilities, and is widely used in scenarios such as asynchronous communication, application decoupling, and system integration. There are a large number of platforms in the cryptocurrency industry that use this product to process message services, and pay attention to risks. When the NameServer component of RocketMQ is exposed to the external network and lacks an effective authentication mechanism, an attacker can use the update configuration function to execute commands as the system user running RocketMQ. Affects RocketMQ 4.9.7 and RocketMQ 5.1.2. Fix: Users using RocketMQ 4.x should upgrade to 4.9.7 or above. Users using RocketMQ 5.x version upgrade to 5.1.2 or above.