How severe is CVE-2021-42010?

CVE-2021-42010 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2021-42010

Name: heron
Author: apache

9.8CRITICAL

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

게시됨: 10/24/2022업데이트됨: 5/7/2025

설명

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

AI 분석AI 기반

영향받는 제품

apacheheron

참조

http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory