Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-27 | CVE-2021-30638 | Incorrect Authorization vulnerability in Apache Tapestry Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. | 7.5 |
| 2021-04-27 | CVE-2021-28125 | Open Redirect vulnerability in Apache Superset Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. | 6.1 |
| 2021-04-27 | CVE-2020-17517 | Missing Authentication for Critical Function vulnerability in Apache Ozone 0.4.2/0.5.0/1.0.0 The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. | 7.5 |
| 2021-04-23 | CVE-2021-26291 | Origin Validation Error vulnerability in multiple products Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. | 9.1 |
| 2021-04-21 | CVE-2020-23922 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in giflib through 5.1.4. | 7.1 |
| 2021-04-15 | CVE-2021-30245 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Apache Openoffice The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. | 8.8 |
| 2021-04-15 | CVE-2021-27850 | Deserialization of Untrusted Data vulnerability in Apache Tapestry A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. | 9.8 |
| 2021-04-13 | CVE-2021-29943 | Incorrect Authorization vulnerability in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. | 9.1 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-04-13 | CVE-2021-29262 | Insufficiently Protected Credentials vulnerability in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. | 7.5 |