How severe is CVE-2021-42010?

CVE-2021-42010 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2021-42010

Name: heron
Author: apache

9.8CRITICAL

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

公開日: 10/24/2022更新日: 5/7/2025

説明

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

AI分析AIによる分析

影響を受ける製品

apacheheron

参照

http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory