Every CVE whose affected-product data names Apache Eventmesh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2024-56180 — CVSS 9.8 (critical): CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release…
CVE-2024-39954 — CVSS 6.3 (medium): CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker…