Slow Fog: Apache RocketMQ discloses remote command execution vulnerability, and attack cases have emerged
ChainCatcher news, according to Slow Fog news, Apache RocketMQ has issued a serious security alert, disclosing a remote command execution vulnerability (CVE-2023-37582) with a publicly available PoC on the internet, and there have been cases of attacks.

Apache RocketMQ is an open-source distributed messaging and stream processing platform that provides scalable low-latency messaging and stream data processing capabilities, widely used in scenarios such as asynchronous communication, application decoupling, and system integration. The cryptocurrency industry has many platforms that use this product for message services, so please be aware of the risks.

Vulnerability description: When the NameServer component of RocketMQ is exposed to the external network and lacks an effective authentication mechanism, attackers can exploit the configuration update feature to execute commands as the system user running RocketMQ.

Affected versions:
RocketMQ < 4.9.7
RocketMQ < 5.1.2

Remediation:
Users of RocketMQ 4.x should upgrade to version 4.9.7 or above.
Users of RocketMQ 5.x should upgrade to version 5.1.2 or above.