How severe is CVE-2021-42010?

CVE-2021-42010 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2021-42010

Name: heron
Author: apache

9.8CRITICAL

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

Published: 10/24/2022Updated: 5/7/2025

Description

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

AI AnalysisPowered by AI

Affected Products

apacheheron

References

http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory