Vulnerabilities > Apache > Helix

DATE CVE VULNERABILITY TITLE RISK
2023-07-26 CVE-2023-38647 Unspecified vulnerability in Apache Helix 0.9.10/0.9.9/1.2.0
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader.
network
low complexity
apache
critical
9.8
2022-12-19 CVE-2022-47500 Unspecified vulnerability in Apache Helix 0.9.10/0.9.9
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding.  User please upgrade to 1.1.0 to fix this issue.
network
low complexity
apache
6.1