Every CVE whose affected-product data names Apache Heron, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-1964 — CVSS 9.8 (critical): It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML…
CVE-2021-42010 — CVSS 9.8 (critical): Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to…
CVE-2018-11789 — CVSS 7.5 (high): When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host…