CVE-2020-1964
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-1964
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1964.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-1964
- Aliases
- Published
- 2020-04-16T19:15:28Z
- Modified
- 2024-09-03T03:21:08.719815Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
- References
-
- https://lists.apache.org/thread.html/r16dd39f4180e4443ef4ca774a3a5a3d7ac69f91812c183ed2a99e959%40%3Cdev.heron.apache.org%3E
- https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94%40%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755%40%3Cdev.ignite.apache.org%3E
Affected packages
Git / github.com/apache/incubator-heron
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/incubator-heron
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affected
Affected versions
0.*
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.8
0.14.9
0.15.0
0.15.0-rc1
0.15.1
0.15.1.5
0.15.2
0.15.2rc1
0.15.2rc2
0.15.2rc3
0.15.3
0.15.3rc1
0.16.0
0.16.0.1
0.16.1
0.16.2
0.16.3
0.16.4
0.16.4.1
0.16.5
0.16.5.1
0.16.5.3
0.17.0
0.17.1
0.17.2
0.17.2.1
0.17.2.2
0.17.3
0.17.3.1
0.17.4
0.17.4.1
0.17.5
0.17.5.1
0.17.6
0.17.7
0.17.8
0.18.0.1
0.18.0.1-tw-1
0.19.0.10
0.19.0.11
0.19.0.12
0.19.0.13
0.19.0.14
0.19.0.15
0.19.0.16
0.19.0.2
0.19.0.3
0.19.0.4
0.19.0.5
0.19.0.6
0.19.0.7
0.19.0.8
0.19.0.9
0.20.1-incubating
0.20.1-incubating-dmitry-rc2
0.20.1-incubating-line
0.20.1-incubating-rc3
0.21.1-incubating-rc2-line
Other
build_test
v-0.*
v-0.20.0-incubating
v-0.20.0-incubating-candidate-1
v-0.20.0-incubating-candidate-1-test
v-0.20.0-incubating-candidate-2
v-0.20.0-incubating-candidate-3
v-0.20.0-incubating-candidate-4
v-0.20.0-incubating-candidate-5
v0.*
v0.20.1-incubating-rc1