16 matches found
EUVD-2022-0617
Malicious code in bioql PyPI...
CVE-2020-1964
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
K000130278: Apache Heron vulnerability CVE-2021-42010
Security Advisory Description: Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue. CVE-2021-42010 Impact: There is no impact; F5 products are not affected by this...
Apache Heron Injection Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. Heron suffers from an injection vulnerability caused by a lack of escaping in log statements, which can be exploited to achieve CRLF log injection...
com.github.thinker0.heron:heron-common (>=1.0.0 <=1.0.7), com.github.thinker0.heron:heron-kafka-client (>=1.0.0 <=1.0.7) +1 more potentially affected by CVE-2021-42010 via org.apache.heron:heron-api (>=0.20.1-incubating <=0.20.4-incubating)
org.apache.heron:heron-api MAVEN version =0.20.1-incubating, =1.0.0, =1.0.0, =1.0.3, =1.0.7 Source cves: CVE-2021-42010 Source advisory: OSV:GHSA-95W5-Q9VP-5VRM...
Apache Heron Injection Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. Heron suffers from an injection vulnerability caused by a lack of escaping in log statements, which can be exploited to achieve CRLF log injection...
GHSA-HJGM-F7VX-M5G7 Deserialization of Untrusted Data in Apache Heron
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
Deserialization of Untrusted Data in Apache Heron
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
Remote Code Execution
Apache Heron is vulnerable to remote code execution. The YAML parser is not configured by default to prevent the instantiation of arbitrary types, resulting in remote code execution vulnerabilities...
Apache Heron Code Issue Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. A code issue vulnerability exists in Apache Heron versions 0.20.2-incubating, 0.20.1-incubating, and 0.20.0-incubating. An attacker could exploit the vulnerability to execute code...
CVE-2020-1964
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
CVE-2020-1964
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
Deserialization of untrusted data
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
CVE-2020-1964
CVE-2020-1964 affects Apache Heron 0.20.2-incubating, 0.20.1-incubating, and v-0.20.0-incubating. The root cause is that the YAML parser is not configured to prevent instantiation of arbitrary types, leading to remote code execution (CWE-502: Deserialization of Untrusted Data). Public references in multi...
CVE-2020-1964
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. CWE-502: Deserialization of Untrusted Data...
Apache Heron Path Traversal Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. A path traversal vulnerability exists in Apache Heron versions 0.13.0 through 0.17.8, which stems from the program failing to adequately filter user-submitted input. A remote attacker could exploit the vulnerabili...