
63 docs tagged with "Apache"


CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vul

CVE-2020-13937

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6

CVE-2020-13942

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rul

CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack

CVE-2020-17526

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default conf

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code

CVE-2020-1943

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 1

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, have some RESTful APIs which concatenate

CVE-2020-5777

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing defa

CVE-2020-9483

**Resolved** When using H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL

CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.

CVE-2020-9496

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache O

CVE-2021-20038

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environme

CVE-2021-21287

MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before versi

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types

CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apac

CVE-2021-27905

The ReplicationHandler (normally registered at '/replication' under a Solr core) in Apache Solr has

CVE-2021-29200

Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perfor

CVE-2021-30128

Apache OFBiz has unsafe deserialization prior to version 17.12.07.

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some

CVE-2021-37580

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an

CVE-2021-38540

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This al

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by

CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker co

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attac
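The two httpd entries above describe the same failure twice: 2.4.49 did not decode `%2e` before collapsing `..` segments, and the 2.4.50 fix still missed the double-encoded form `%%32%65`. The scanner below is an added example in Python, not code from the Apache HTTP Server project; it percent-decodes a request path until it stops changing, only then walks the segments, and flags any path that climbs above its root. The access-log lines are constructed, and the function and constant names are assumptions for this example.

```python
import re
from urllib.parse import unquote

# Upper bound on decoding passes; two suffice for the double-encoded form (%%32%65 -> %2e -> .)
MAX_DECODE_ROUNDS = 3

def decode_repeatedly(path, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode until the string stops changing or the round limit is hit."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_root(raw_path):
    """True if the fully decoded path climbs above its starting directory via '..' segments."""
    path = decode_repeatedly(raw_path.split("?", 1)[0])  # the query string is not part of the path
    depth = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

# Minimal parser for the request line inside a common/combined-format access log entry
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def flag_traversal(log_lines):
    """Return the request paths from log_lines that escape the document root after decoding."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if m and escapes_root(m.group("path")):
            hits.append(m.group("path"))
    return hits

# Constructed sample access-log lines (not real traffic): one benign, one single-encoded, one double-encoded
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.6 - - [05/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1234',
    '10.0.0.7 - - [05/Oct/2021:10:00:03 +0000] "GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1234',
]

if __name__ == "__main__":
    for path in flag_traversal(SAMPLE_LOG):
        print("traversal:", path)
```

Decoding to a fixed point before normalizing is the whole check; a single `unquote` would catch the 2.4.49 form and miss the 2.4.50 one. A hit is a reason to look, not proof the request succeeded: whether a file outside the document root was actually served depends on the server version and its access configuration.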

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI

CVE-2021-44451

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain

CVE-2021-45232

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framewo

CVE-2022-22733

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere El

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Adm

CVE-2022-24288

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided

CVE-2022-31126

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers.

CVE-2022-33891

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.en

CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger

CVE-2022-47501

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote

CVE-2023-22884

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in

CVE-2023-23638

A deserialization vulnerability existed in Apache Dubbo generic invoke, which could lead to malicious cod

CVE-2023-24998

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resu

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires acc

CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Reque

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authenticati

CVE-2023-27524

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that

CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative

CVE-2023-34040

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserializa

CVE-2023-34212

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Pr

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1

CVE-2023-37941

If an attacker gains write access to the Apache Superset metadata database, they could persist a spe

CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below,

CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Control

CVE-2023-41080

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apa

CVE-2023-43667

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-49070

Pre-auth RCE in Apache OFBiz 18.12.09. It's due to XML-RPC no longer maintained still present. Thi

CVE-2023-50290

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Me

CVE-2023-50386

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous T

CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user

CVE-2023-6710

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious use

CVE-2024-22369

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apac