CVE-2020-1964

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 3.42 % (92^th)

Affected Products 1

Advisories 1

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).

Weaknesses

CWE-502: Deserialization of Untrusted Data

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2020-04-16 19:15:28
(4 years ago)
Updated Date: 2023-11-07 03:19:38
(10 months ago)

Affected Products

Apache

Heron

Configuration #1

		CPE23	From	Up To
	Apache Heron 0.20.0-incubating	cpe:2.3:a:apache:heron:0.20.0-incubating
	Apache Heron 0.20.1-incubating	cpe:2.3:a:apache:heron:0.20.1-incubating:-
	Apache Heron 0.20.2-incubating	cpe:2.3:a:apache:heron:0.20.2-incubating