CVE-2020-1964
- Source
- https://cve.org/CVERecord?id=CVE-2020-1964
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1964.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-1964
- Aliases
- Published
- 2020-04-16T19:15:28.290Z
- Modified
- 2026-03-10T23:13:26.352876Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
- References
-
- https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94%40%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/r16dd39f4180e4443ef4ca774a3a5a3d7ac69f91812c183ed2a99e959%40%3Cdev.heron.apache.org%3E
Affected packages
Git / github.com/apache/incubator-heron
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/incubator-heron
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "0.20.0-incubating" }, { "introduced": "0" }, { "last_affected": "0.20.1-incubating-NA" }, { "introduced": "0" }, { "last_affected": "0.20.2-incubating" } ] }
Affected versions
0.*
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.14.5
0.14.8
0.14.9
0.15.0
0.15.0-rc1
0.15.1
0.15.1.5
0.15.2
0.15.2rc1
0.15.2rc2
0.15.2rc3
0.15.3
0.15.3rc1
0.16.0
0.16.0.1
0.16.1
0.16.2
0.16.3
0.16.4
0.16.4.1
0.16.5
0.16.5.1
0.16.5.3
0.17.0
0.17.1
0.17.2
0.17.2.1
0.17.2.2
0.17.3
0.17.3.1
0.17.4
0.17.4.1
0.17.5
0.17.5.1
0.17.6
0.17.7
0.17.8
0.18.0.1
0.18.0.1-tw-1
0.19.0.10
0.19.0.2
0.19.0.3
0.19.0.4
0.19.0.5
0.19.0.6
0.19.0.7
0.19.0.8
0.19.0.9
v-0.*
v-0.20.0-incubating
v-0.20.0-incubating-candidate-1
v-0.20.0-incubating-candidate-1-test
v-0.20.0-incubating-candidate-2
v-0.20.0-incubating-candidate-3
v-0.20.0-incubating-candidate-4
v-0.20.0-incubating-candidate-5