CVE-2021-42010
Published 2022-10-24
Severity: Critical, 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | heron | < 0.20.5-incubating | 0.20.5-incubating |
| apache_software_foundation | apache_heron | Apache Heron 0.20.4-incubating – 0.20.4-incubating | — |