CVE-2021-42010

Summary

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Heron (Incubating)Apache Heron 0.20.4-incubating <= 0.20.4-incubatingaffected

Weaknesses

  • CRLF Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References