Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-01 | CVE-2021-25640 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 7.5 |
2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
2021-06-01 | CVE-2021-30180 | HTTP Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 6.8 |
2021-06-01 | CVE-2021-30181 | Unspecified vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. | 7.5 |
2021-05-27 | CVE-2020-17514 | Unspecified vulnerability in Apache Fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. | 7.4 |
2021-05-26 | CVE-2021-22160 | Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". | 9.8 |
2021-05-25 | CVE-2021-23937 | Information Exposure vulnerability in Apache Wicket A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. | 7.5 |
2021-05-14 | CVE-2021-27737 | Unspecified vulnerability in Apache Traffic Server 9.0.0 Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. | 7.5 |
2021-05-04 | CVE-2021-31164 | Injection vulnerability in Apache Unomi Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. | 7.5 |