How severe is CVE-2021-42010?

CVE-2021-42010 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2021-42010

Name: heron
Author: apache

9.8CRITICAL

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

Опубликовано: 10/24/2022Обновлено: 5/7/2025

Описание

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

ИИ-АнализНа базе ИИ

Затронутые продукты

apacheheron

Ссылки

http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory