oss-sec mailing list archives
CVE-2021-42010: Apache Heron (Incubating): CRLF log injection
From: Josh Fischer <joshfischer () apache org>
Date: Sun, 23 Oct 2022 15:04:39 +0000
Severity: low

Description:
Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.

Credit:
The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our attention.
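
An added example, not taken from the Heron code base or its fix: a Python `logging` filter that escapes line breaks before a record is written, run beside the unescaped behaviour the description refers to. The logger name, message text and sample value are constructed for illustration.

```python
import io
import logging

# Characters that end a line in common log viewers and in str.splitlines().
_ESCAPES = {"\r": "\\r", "\n": "\\n", "\x85": "\\x85",
            "\u2028": "\\u2028", "\u2029": "\\u2029"}
_TABLE = str.maketrans(_ESCAPES)


def escape_log_value(value):
    """Return str(value) with line-breaking characters shown as visible escapes."""
    return str(value).translate(_TABLE)


class CrlfEscapingFilter(logging.Filter):
    """Escape line breaks in the fully interpolated message of every record."""

    def filter(self, record):
        record.msg = escape_log_value(record.getMessage())
        record.args = None  # message is already interpolated
        return True


def render(message, *args, harden):
    """Log one message to an in-memory handler and return the lines written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("demo")  # standalone logger, not registered globally
    logger.addHandler(handler)
    if harden:
        logger.addFilter(CrlfEscapingFilter())
    logger.warning(message, *args)
    return stream.getvalue().splitlines()


# Constructed input: a request field containing CRLF followed by text that
# looks like a separate log entry.
SAMPLE = "wordcount\r\nINFO topology 'wordcount' killed by admin"

if __name__ == "__main__":
    for harden in (False, True):
        for line in render("unknown topology: %s", SAMPLE, harden=harden):
            print("hardened" if harden else "raw     ", "|", line)
```

Without the filter, the single `warning` call produces two lines in the log, the second indistinguishable from a genuine `INFO` entry; with it, the same call stays on one line with the `\r\n` visible as text.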