Posted to announce@apache.org by Josh Fischer <jo...@apache.org> on 2022/10/23 15:04:39 UTC
CVE-2021-42010: Apache Heron (Incubating): CRLF log injection
Severity: low
Description:
Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue.
Credit:
The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our attention.
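
The class of bug described above, shown as an added example that is not Heron's code or its actual fix: a value logged without escaping can split one event into two physical log lines, and a logging filter that escapes line-break characters keeps it on one. The logger name, message text and sample value are constructed for illustration.

```python
import io
import logging

# Every character str.splitlines() (and most log viewers) treats as a line break.
_LINE_BREAKS = "\r\n\x0b\x0c\x1c\x1d\x1e\x85\u2028\u2029"
_ESCAPES = {ch: ch.encode("unicode_escape").decode("ascii") for ch in _LINE_BREAKS}

# Constructed sample: a request value carrying CRLF followed by a fake entry.
FORGED = "demo\r\nINFO forged entry"


def neutralize(value):
    """Return str(value) with line-break characters replaced by visible escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


class SingleLineFilter(logging.Filter):
    """Render the record first, then escape, so msg and args are both covered."""

    def filter(self, record):
        record.msg = neutralize(record.getMessage())
        record.args = None  # arguments were already interpolated above
        return True


def render(user_value, hardened):
    """Log one event containing user_value; return the physical log lines."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if hardened:
        handler.addFilter(SingleLineFilter())
    logger = logging.getLogger("crlf_demo.%s" % hardened)  # hypothetical name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("lookup failed for topology %s", user_value)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    print("unescaped:", render(FORGED, hardened=False))  # two lines, one forged
    print("escaped:  ", render(FORGED, hardened=True))   # one line, CRLF visible
```

Attaching the filter to the handler rather than to individual call sites covers statements that build the message with string concatenation as well as those that pass arguments.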