CVE-2020-1964
CVSS v3.1
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
3.42 % (92th)
Affected Products
1
Advisories
1
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
Weaknesses
- CWE-502
- Deserialization of Untrusted Data
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2020-04-16 19:15:28
(4 years ago) - Updated Date
-
2023-11-07 03:19:38
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...