
List:       oss-security
Subject:    [oss-security] CVE-2021-42010: Apache Heron (Incubating): CRLF log injection
From:       Josh Fischer <joshfischer () apache ! org>
Date:       2022-10-23 15:04:39
Message-ID: de7dfa60-f860-951d-5a58-8a60b7341b89 () apache ! org

Severity: low

Description:

Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.

Credit:

The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our attention.
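
An added illustration of the issue class described above, not code from Heron or from the 0.20.5-incubating fix: a Python `logging` filter that escapes CR/LF before a record is written, shown beside the unescaped behaviour. The `CrlfEscapeFilter` class, the logger names and the sample username are constructed for this example.

```python
import io
import logging

# Line-breaking characters mapped to visible escapes, so one log call
# can never produce more than one physical log line.
_TABLE = str.maketrans({"\r": "\\r", "\n": "\\n", "\x0b": "\\x0b",
                        "\x0c": "\\x0c", "\x85": "\\x85",
                        "\u2028": "\\u2028", "\u2029": "\\u2029"})


def escape_log_value(value):
    """Return value as text with line-breaking characters escaped."""
    return str(value).translate(_TABLE)


class CrlfEscapeFilter(logging.Filter):
    """Escape the fully rendered message (format string plus arguments)."""

    def filter(self, record):
        record.msg = escape_log_value(record.getMessage())
        record.args = None  # message is already rendered; skip %-formatting
        return True


def render(username, escape):
    """Log one failed-login event and return the raw log text written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if escape:
        handler.addFilter(CrlfEscapeFilter())
    logger = logging.getLogger("crlf_demo_%s" % escape)  # constructed name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("login failed for user=%s", username)
    return stream.getvalue()


# Constructed sample: a user-supplied value that carries CR/LF followed by
# text shaped like a second log entry.
SAMPLE = "alice\r\nINFO login succeeded for user=admin"

if __name__ == "__main__":
    print(repr(render(SAMPLE, escape=False)))  # two physical lines
    print(repr(render(SAMPLE, escape=True)))   # one line, CR/LF visible
```

Attaching the filter to the handler rather than to individual call sites means every record that reaches the log file is escaped, including ones from code paths that were never reviewed.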

