## RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)

|   **Vulnerability**  | **RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)**  |
| :----:   | :-----|
| **Chinese name**  | RocketMQ Broker rocketmqHome Config 远程命令执行漏洞（CVE-2023-33246） |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [protocol="rocketmq-broker"](https://en.fofa.info/result?qbase64=cHJvdG9jb2w9InJvY2tldG1xLWJyb2tlciI%3D) |
| **Number of assets affected**  | 10087 |
| **Description**  | Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
| **Impact** | There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
  
![](https://github.com/gobysec/GobyVuls/blob/master/CVE-2023-33246.gif)