Количество 2
Количество 2
CVE-2020-1964
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
GHSA-hjgm-f7vx-m5g7
Deserialization of Untrusted Data in Apache Heron
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-1964 It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data). | CVSS3: 9.8 | 10% Низкий | почти 6 лет назад |
| GHSA-hjgm-f7vx-m5g7 Deserialization of Untrusted Data in Apache Heron | CVSS3: 9.8 | 10% Низкий | около 4 лет назад |
Уязвимостей на страницу