Browse all 3 CVE security advisories affecting apolloconfig. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Apolloconfig is a distributed configuration management platform primarily used for centralized configuration management in microservices architectures. Historically, it has been susceptible to remote code execution (RCE) vulnerabilities due to unsafe deserialization and improper input validation, as well as cross-site scripting (XSS) flaws through insufficient output encoding. Privilege escalation vulnerabilities have also been identified, allowing unauthorized access to sensitive configuration data. The platform's security posture has been impacted by multiple critical vulnerabilities, including CVE-2021-40960 and CVE-2021-40961, which could lead to complete system compromise. These issues highlight the risks associated with improper handling of user inputs and insufficient access controls in configuration management systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43397 | Potential unauthorized access issue in apollo-portal — apolloCWE-284 | 4.3 | Medium | 2024-08-20 |
| CVE-2023-25570 | Apollo has potential access control security issue in eureka — apolloCWE-306 | 7.5 | High | 2023-02-20 |
| CVE-2023-25569 | apollo-portal has potential CSRF issue — apolloCWE-352 | 5.7 | Medium | 2023-02-20 |
This page lists every published CVE security advisory associated with apolloconfig. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.