Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
2021-06-01 | CVE-2021-30180 | HTTP Request Smuggling vulnerability in Apache Dubbo Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. | 9.8 |
2021-06-01 | CVE-2021-30181 | Unspecified vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. | 9.8 |
2021-05-26 | CVE-2021-22160 | Improper Verification of Cryptographic Signature vulnerability in Apache Pulsar If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". | 9.8 |
2021-04-27 | CVE-2021-30128 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 version | 9.8 |
2021-04-27 | CVE-2021-29200 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack | 9.8 |
2021-04-23 | CVE-2021-26291 | Origin Validation Error vulnerability in multiple products Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. | 9.1 |
2021-04-15 | CVE-2021-27850 | Deserialization of Untrusted Data vulnerability in Apache Tapestry A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. | 9.8 |
2021-04-13 | CVE-2021-29943 | Incorrect Authorization vulnerability in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. | 9.1 |
2021-04-13 | CVE-2021-27905 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. | 9.8 |