/CVE-2023-33246-Copy

1. 参考学习

CVE-2023-33246 https://github.com/I5N0rth/CVE-2023-33246

2. 本地搭建环境

2.1 下载镜像

# docker pull apache/rocketmq:4.9.1
# docker pull apacherocketmq/rocketmq-console:2.0.0

2.2 启动broker、namesrv、console

启动namesrv

docker run -dit -p 9876:9876 -p 10909:10909 --name mqsrv -e "MAX_POSSIBLE_HEAP=100000000" apache/rocketmq:4.9.1 sh mqnamesrv /bin/bash

启动broker

docker run -dit -p 10909:10909 -p 10911:10911 --name mqbroker --restart=always --link mqsrv:namesrv -e "NAMESRV_ADDR=namesrv:9876" -e "MAX_POSSIBLE_HEAP=200000000" apache/rocketmq:4.9.1 sh mqbroker -c /home/rocketmq/rocketmq-4.9.1/conf/broker.conf

启动console

docker run -dit --name mqconsole -p 8080:8080 -e "JAVA_OPTS=-Drocketmq.config.namesrvAddr=mqsrv:9876 -Drocketmq.config.isVIPChannel=false" apacherocketmq/rocketmq-console:2.0.0

PS: 注意broker、console启动时会指定关联namesrv的地址

3. 可能遇到的问题

修改pom.xml添加依赖

<dependency>
    <groupId>org.apache.rocketmq</groupId>
    <artifactId>rocketmq-tools</artifactId>
    <version>4.8.0</version>
</dependency>

4. 依赖下载报错

参考链接:Error: java: 程序包org.apache.xxxxxx不存在