{"id":"CVE-2024-56736","summary":"Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss","details":"Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat (incubating): before 1.7.0.\n\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue.","modified":"2026-05-18T05:56:11.810660919Z","published":"2025-04-16T15:38:11.307Z","database_specific":{"cna_assigner":"apache","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56736.json","cwe_ids":["CWE-918"],"unresolved_ranges":[{"extracted_events":[{"fixed":"1.7.0"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"fixed":"1.7.0"}],"source":"DESCRIPTION"}]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/04/16/1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56736.json"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/kdzg36h9yxp0q0n4lhcfppxntjy8rj1x"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/lwfhsllos1rx9v8k0yhl252cbpqpn0sv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56736"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/hertzbeat","events":[{"introduced":"0"},{"fixed":"b77222765c06e895e61c972dfdf8df38c66e6610"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.7.0"}],"cpe":"cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["v1.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56736.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}