Apache

Heron

3 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.34%
  • Published 24.10.2022 14:15:49
  • Last modified 07.05.2025 16:15:19

Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.

  • EPSS 9.86%
  • Published 16.04.2020 19:15:28
  • Last modified 21.11.2024 05:11:44

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating do not configure their YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability (C...

  • EPSS 2.21%
  • Published 21.03.2019 16:00:12
  • Last modified 21.11.2024 03:44:02

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. An example would be modifying the parameter path= to go to the directory you would like to view, i.e. ..%2F..%2F..%2F....