Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2021-30641 | Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' | 5.3 |
| 2021-06-08 | CVE-2021-33190 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Apisix Dashboard 2.6 In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. | 5.3 |
| 2021-06-07 | CVE-2021-29621 | Information Exposure Through Discrepancy vulnerability in multiple products Flask-AppBuilder is a development framework, built on top of Flask. | 5.3 |
| 2021-06-01 | CVE-2021-25640 | Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | 6.1 |
| 2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 9.8 |
| 2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
| 2021-06-01 | CVE-2021-30180 | HTTP Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 9.8 |
| 2021-06-01 | CVE-2021-30181 | Unspecified vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. | 9.8 |
| 2021-05-27 | CVE-2020-17514 | Unspecified vulnerability in Apache Fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. | 7.4 |
| 2021-05-26 | CVE-2021-22160 | Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". | 9.8 |