Vulnerabilities > Apache > Heron > 0.14.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-24 | CVE-2021-42010 | Improper Encoding or Escaping of Output vulnerability in Apache Heron Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. | 9.8 |
| 2019-03-21 | CVE-2018-11789 | Path Traversal vulnerability in Apache Heron When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. | 7.5 |