Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2021-36152 | Unspecified vulnerability in Apache Gobblin 0.15.0 Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. | 9.8 |
| 2022-01-25 | CVE-2021-45029 | Code Injection vulnerability in Apache Shenyu 2.4.0/2.4.1 Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. | 9.8 |
| 2022-01-25 | CVE-2022-23944 | Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1 User can access /plugin api without authentication. | 9.1 |
| 2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
| 2022-01-10 | CVE-2021-43297 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). | 9.8 |
| 2022-01-06 | CVE-2021-45456 | Command Injection vulnerability in Apache Kylin 4.0.0 Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. | 9.8 |
| 2022-01-04 | CVE-2021-40525 | Path Traversal vulnerability in Apache James Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. | 9.1 |
| 2021-12-27 | CVE-2021-45232 | Missing Authentication for Critical Function vulnerability in Apache Apisix Dashboard In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication. | 9.8 |
| 2021-12-23 | CVE-2021-44548 | Path Traversal vulnerability in Apache Solr An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. | 9.8 |