[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-42010: Apache Heron (Incubating): CRLF log injection
From: Josh Fischer <joshfischer () apache ! org>
Date: 2022-10-23 15:04:39
Message-ID: de7dfa60-f860-951d-5a58-8a60b7341b89 () apache ! org
[Download RAW message or body]
Severity: low
Description:
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping \
in the log statements. Please update to version 0.20.5-incubating which addresses this issue.
Credit:
The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our \
attention.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic