How severe is CVE-2021-42010?

CVE-2021-42010 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2021-42010

Name: heron
Author: apache

9.8CRITICAL

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

发布于: 10/24/2022更新于: 5/7/2025

描述

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

AI分析AI驱动

受影响产品

apacheheron

参考资料

http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/23/2
Mailing ListThird Party Advisory
https://lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q
Mailing ListVendor Advisory