Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-06-01 CVE-2021-30179 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces.
network
low complexity
apache CWE-502
critical
9.8
2021-06-01 CVE-2021-30180 HTTP Request Smuggling vulnerability in Apache Dubbo
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server.
network
low complexity
apache CWE-444
critical
9.8
2021-06-01 CVE-2021-30181 Unspecified vulnerability in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server.
network
low complexity
apache
critical
9.8
2021-05-26 CVE-2021-22160 Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none".
network
low complexity
apache CWE-347
critical
9.8
2021-04-27 CVE-2021-30128 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
network
low complexity
apache CWE-502
critical
9.8
2021-04-27 CVE-2021-29200 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
network
low complexity
apache CWE-502
critical
9.8
2021-04-23 CVE-2021-26291 Origin Validation Error vulnerability in multiple products
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.
network
low complexity
apache quarkus oracle CWE-346
critical
9.1
2021-04-15 CVE-2021-27850 Deserialization of Untrusted Data vulnerability in Apache Tapestry
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry.
network
low complexity
apache CWE-502
critical
9.8
2021-04-13 CVE-2021-29943 Incorrect Authorization vulnerability in Apache Solr
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials.
network
low complexity
apache CWE-863
critical
9.1
2021-04-13 CVE-2021-27905 Server-Side Request Forgery (SSRF) vulnerability in Apache Solr
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core.
network
low complexity
apache CWE-918
critical
9.8