CVE-2026-57111
- EPSS 0.17%
- Veröffentlicht 09.07.2026 07:09:05
- Zuletzt bearbeitet 09.07.2026 19:45:35
Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter) in Apache Helix through 2.0.0 on all platforms allows a remote attacker controlling a web page visited by an authorized user...
CVE-2024-22281
- EPSS 0.73%
- Veröffentlicht 20.08.2024 23:15:03
- Zuletzt bearbeitet 10.07.2025 21:14:16
** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this proj...
CVE-2023-38647
- EPSS 1.52%
- Veröffentlicht 26.07.2023 08:15:10
- Zuletzt bearbeitet 21.11.2024 08:13:58
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lea...
CVE-2022-47500
- EPSS 1.05%
- Veröffentlicht 19.12.2022 11:15:11
- Zuletzt bearbeitet 17.04.2025 15:15:52
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was im...