You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Josh Fischer <jo...@apache.org> on 2022/10/23 15:04:39 UTC

CVE-2021-42010: Apache Heron (Incubating): CRLF log injection

Severity: low

Description:

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements.  Please update to version 0.20.5-incubating which addresses this issue. 

Credit:

The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our attention.