CVE-2024-22281
- EPSS 0.27%
- Published 20.08.2024 23:15:03
- Last modified 10.07.2025 21:14:16
** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this proj...
CVE-2023-38647
- EPSS 0.65%
- Published 26.07.2023 08:15:10
- Last modified 21.11.2024 08:13:58
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lea...
CVE-2022-47500
- EPSS 1.18%
- Published 19.12.2022 11:15:11
- Last modified 17.04.2025 15:15:52
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was im...