Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2023-46749 | Path Traversal vulnerability in Apache Shiro Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default). | 6.5 |
| 2024-01-15 | CVE-2023-50290 | Unspecified vulnerability in Apache Solr Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. | 6.5 |
| 2024-01-10 | CVE-2023-49619 | Race Condition vulnerability in Apache Answer Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. | 3.1 |
| 2024-01-06 | CVE-2023-51441 | Server-Side Request Forgery (SSRF) vulnerability in Apache Axis ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. | 7.2 |
| 2024-01-03 | CVE-2023-51784 | Code Injection vulnerability in Apache Inlong Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | 9.8 |
| 2024-01-03 | CVE-2023-51785 | Deserialization of Untrusted Data vulnerability in Apache Inlong 1.7.0/1.8.0/1.9.0 Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 | 7.5 |
| 2023-12-30 | CVE-2023-49299 | Improper Input Validation vulnerability in Apache Dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. | 8.8 |
| 2023-12-29 | CVE-2023-47804 | Argument Injection or Modification vulnerability in Apache Openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. | 8.8 |
| 2023-12-26 | CVE-2023-51467 | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code | 9.8 |
| 2023-12-26 | CVE-2023-50968 | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue. | 7.5 |