Skip to main content

Heron

1 CVEs product

Monthly

CVE-2020-1964 Maven CRITICAL PATCH Act Now

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Heron
NVD
CVSS 3.1
9.8
EPSS
4.8%
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy