Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy a network-accessible implementation and a corresponding client using an HTTP library that uses the API (e.g., a custom servlet and HTTPClient).
low complexity
apache CWE-502
8.0
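An endpoint that deserializes Java objects is easy to watch for on the wire. The following is an added example, not Apache Lucene code: a detector for Java serialization streams in HTTP bodies that names the first class descriptor it finds, so traffic to a deprecated replicator endpoint can be logged or blocked when the class is not one the deployment expects. The path, the allow-listed class name and the sample stream are constructed for the demonstration; the stream layout (magic 0xACED, version 5, TC_OBJECT, TC_CLASSDESC, length-prefixed class name) follows the Java Object Serialization Stream Protocol.

```python
"""Detect Java serialization streams in HTTP request/response bodies.

Added example for CVE-2024-45772; not Apache Lucene code.  The sample stream,
path and allow-list are constructed for the demonstration."""
STREAM_MAGIC = b"\xac\xed\x00\x05"          # ObjectOutputStream header
TC_OBJECT, TC_ARRAY, TC_CLASSDESC = 0x73, 0x75, 0x72


def java_serialized_class(body: bytes):
    """Return the first class name if body is a Java serialization stream,
    a '<...>' marker if it is one we cannot name, or None if it is not one."""
    if not body.startswith(STREAM_MAGIC):
        return None
    pos = len(STREAM_MAGIC)
    if len(body) < pos + 2:
        return "<truncated>"
    type_code, desc_code = body[pos], body[pos + 1]
    if type_code not in (TC_OBJECT, TC_ARRAY):
        return f"<type 0x{type_code:02x}>"
    if desc_code != TC_CLASSDESC:
        return f"<classdesc 0x{desc_code:02x}>"   # proxy class desc or back-reference
    pos += 2
    # className is a modified-UTF-8 string: 2-byte big-endian length + bytes.
    if len(body) < pos + 2:
        return "<truncated>"
    length = int.from_bytes(body[pos:pos + 2], "big")
    name = body[pos + 2:pos + 2 + length]
    if len(name) != length:
        return "<truncated>"
    return name.decode("utf-8", "replace")


def inspect_message(path: str, headers: dict, body: bytes, allowed: frozenset) -> list:
    """Return findings for one HTTP message (header names lower-cased by the
    caller); an empty list means nothing suspicious was seen."""
    findings = []
    content_type = headers.get("content-type", "").lower()
    if "java-serialized-object" in content_type:
        findings.append(f"{path}: declared Content-Type {content_type}")
    cls = java_serialized_class(body)
    if cls is not None and cls not in allowed:
        findings.append(f"{path}: Java serialization stream, first class {cls}")
    return findings


def build_sample_stream(class_name: str) -> bytes:
    """Constructed prefix of a stream serializing one object of class_name:
    header, TC_OBJECT, TC_CLASSDESC, name, serialVersionUID, flags
    (SC_SERIALIZABLE), zero fields, end of class annotation, no superclass."""
    name = class_name.encode("utf-8")
    return (STREAM_MAGIC + bytes([TC_OBJECT, TC_CLASSDESC])
            + len(name).to_bytes(2, "big") + name
            + b"\x00" * 8 + b"\x02" + b"\x00\x00" + b"\x78\x70")


# Constructed: the only class this hypothetical deployment expects on the path.
ALLOWED = frozenset({"com.example.ExpectedReply"})


def demo() -> list:
    """Run the check on a constructed message that should produce two findings."""
    body = build_sample_stream("com.example.NotExpected")
    headers = {"content-type": "application/x-java-serialized-object"}
    return inspect_message("/replicator", headers, body, ALLOWED)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Checking only the first class descriptor is deliberately cheap: it is enough to alert on a stream whose outermost object is not the expected type, but a gadget chain can sit inside an expected outer class, so the check is a detection aid, not a substitute for removing the deprecated package or upgrading to 9.12.0.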
2024-09-26 CVE-2024-47197 Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml. This file contains all the content from the user's ~/.m2/settings.xml file, which often contains information they do not want to publish (repository and proxy credentials, for example).
network
low complexity
apache CWE-922
7.5
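A pre-publish check for the file named above, added here as an example and not part of Maven or the Archetype Plugin: it looks for target/classes/archetype-it/archetype-settings.xml in a project tree and reports every server or proxy credential element it carries. The settings content is constructed for the demonstration.

```python
"""Find credentials copied into target/classes/archetype-it/archetype-settings.xml.

Added example for CVE-2024-47197; not Maven Archetype Plugin code.  The
settings.xml content below is constructed for the demonstration."""
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Location the advisory names, relative to the project root.
LEAK_PATH = Path("target/classes/archetype-it/archetype-settings.xml")

# settings.xml elements whose text is normally a secret.
SENSITIVE_TAGS = {"username", "password", "passphrase", "privateKey"}
# Containers that hold those elements.
CREDENTIAL_HOLDERS = {"server", "proxy"}


def _local(tag: str) -> str:
    """Strip the Maven XML namespace, if any ('{ns}server' -> 'server')."""
    return tag.rsplit("}", 1)[-1]


def find_credential_leaks(settings_xml: str) -> list:
    """Return (holder id, element name) for every non-empty credential element."""
    leaks = []
    for holder in ET.fromstring(settings_xml).iter():
        if _local(holder.tag) not in CREDENTIAL_HOLDERS:
            continue
        holder_id = next((c.text for c in holder if _local(c.tag) == "id"), "?")
        for child in holder:
            if _local(child.tag) in SENSITIVE_TAGS and (child.text or "").strip():
                leaks.append((holder_id, _local(child.tag)))
    return leaks


def scan_project(project_dir: Path) -> list:
    """Scan one project tree; an absent file means nothing was copied."""
    leaked_file = project_dir / LEAK_PATH
    if not leaked_file.is_file():
        return []
    return find_credential_leaks(leaked_file.read_text(encoding="utf-8"))


# Constructed sample of a developer's ~/.m2/settings.xml.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>internal-nexus</id><username>ci</username><password>hunter2</password></server>
    <server><id>gpg-signing</id><passphrase>s3cret</passphrase></server>
  </servers>
  <proxies>
    <proxy><id>corp</id><host>proxy.example</host><username>alice</username><password>pw</password></proxy>
  </proxies>
  <mirrors><mirror><id>central-mirror</id><url>https://mirror.example/</url></mirror></mirrors>
</settings>"""


def demo() -> list:
    """Write the sample where the plugin would and scan it, in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp)
        (project / LEAK_PATH).parent.mkdir(parents=True)
        (project / LEAK_PATH).write_text(SAMPLE_SETTINGS, encoding="utf-8")
        return scan_project(project)


if __name__ == "__main__":
    for holder_id, field in demo():
        print(f"credential leaked: {holder_id}/{field}")
```

Because the file lives under target/classes, it is a candidate for inclusion in the packaged artifact, so the check belongs in CI before anything is deployed or published; the fix itself is the upgrade to 3.3.0.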
2024-09-04 CVE-2024-45195 Forced Browsing vulnerability in Apache Ofbiz
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache CWE-425
7.5
2024-08-21 CVE-2023-49198 Unspecified vulnerability in Apache Seatunnel 1.0.0
MySQL security vulnerability in Apache SeaTunnel. An attacker who can supply or modify the MySQL connection URL can add the Connector/J options allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360; with those options set, the MySQL server that SeaTunnel connects to can use LOAD DATA LOCAL INFILE to read files from the host running SeaTunnel. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.
network
low complexity
apache
7.5
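To show what the URL options above do and how to screen for them, here is an added example that is not SeaTunnel code: an audit of a user-supplied MySQL Connector/J URL that flags the LOAD DATA LOCAL INFILE options, and a hardened rewrite that drops them and pins allowLoadLocalInfile=false. The host and database names are placeholders; the query string is the one from the entry above.

```python
"""Screen MySQL JDBC URLs for options that let the server read client-side files.

Added example for CVE-2023-49198; not SeaTunnel code.  With these Connector/J
properties set, the MySQL server a connector is pointed at can answer a query
with a LOAD DATA LOCAL INFILE request and receive a file from the host running
the connector; allowUrlInLocalInfile extends that to URLs.  Property names are
matched case-insensitively to be conservative."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Lower-cased property -> value that makes it dangerous (None: any value).
DANGEROUS = {
    "allowloadlocalinfile": "true",
    "allowurlinlocalinfile": "true",
    "allowloadlocalinfileinpath": None,
}
JDBC_PREFIX = "jdbc:"


def _split(url: str):
    """Validate the scheme and split the URL after the 'jdbc:' prefix."""
    if not url.lower().startswith(JDBC_PREFIX + "mysql:"):
        raise ValueError("not a MySQL JDBC URL")
    # Without 'jdbc:' this is an ordinary mysql://host:port/db?query URL.
    return urlsplit(url[len(JDBC_PREFIX):])


def is_dangerous(key: str, value: str) -> bool:
    """True if this key=value pair enables a client-side file read."""
    key = key.lower()
    if key not in DANGEROUS:
        return False
    trigger = DANGEROUS[key]
    return trigger is None or value.lower() == trigger


def audit_jdbc_url(url: str) -> list:
    """Return the 'key=value' pairs that enable client-side file reads."""
    parts = _split(url)
    return [f"{k}={v}" for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if is_dangerous(k, v)]


def harden_jdbc_url(url: str) -> str:
    """Drop every dangerous property and pin allowLoadLocalInfile=false."""
    parts = _split(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in DANGEROUS]
    kept.append(("allowLoadLocalInfile", "false"))
    return JDBC_PREFIX + urlunsplit(parts._replace(query=urlencode(kept)))


# Constructed URL reusing the query string from the advisory text.
SAMPLE_URL = ("jdbc:mysql://db.example:3306/app?allowLoadLocalInfile=true"
              "&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/"
              "&maxAllowedPacket=655360")

if __name__ == "__main__":
    print("flagged:", audit_jdbc_url(SAMPLE_URL))
    print("hardened:", harden_jdbc_url(SAMPLE_URL))
```

Rewriting the URL is the right choice when the application builds connections from user input; rejecting it outright is the better choice when the URL is meant to be fixed configuration, because an attacker who can set these options can usually also point the URL at a server they control.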
2024-08-20 CVE-2024-42362 Deserialization of Untrusted Data vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-502
8.8
2024-08-12 CVE-2024-30188 Unspecified vulnerability in Apache Dolphinscheduler
File read and write vulnerability in Apache DolphinScheduler: authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.
network
low complexity
apache
8.1
2024-08-07 CVE-2024-42062 Incorrect Authorization vulnerability in Apache Cloudstack
CloudStack account-users by default use username and password based authentication for API and UI access.
network
low complexity
apache CWE-863
7.2
2024-08-05 CVE-2024-36448 Unspecified vulnerability in Apache Iotdb Workbench 0.13.0
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
7.3
2024-07-26 CVE-2023-38522 Unspecified vulnerability in Apache Traffic Server
Apache Traffic Server accepts characters that are not allowed in HTTP field names and forwards the malformed requests to origin servers.
network
low complexity
apache
7.5
2024-07-26 CVE-2024-35161 Unspecified vulnerability in Apache Traffic Server
Apache Traffic Server forwards a malformed HTTP chunked trailer section to origin servers.
network
low complexity
apache
7.5
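Both Traffic Server entries above concern a proxy relaying messages the HTTP grammar does not permit, which is the raw material of request smuggling. As an added example, not Apache Traffic Server code, here is the strict check a forwarding proxy should apply for both cases: field names limited to RFC 9110 token characters, and a chunked-body parser that rejects a malformed trailer section, a field that may not appear in trailers, or bytes left over after the final CRLF, instead of forwarding them. The sample messages are constructed.

```python
"""Strict HTTP field-name and chunked-trailer validation for a forwarding proxy.

Added example for CVE-2023-38522 and CVE-2024-35161; not Apache Traffic Server
code.  Sample messages are constructed."""
import re

# RFC 9110 tchar: the only characters allowed in a field name.
TCHAR = frozenset("!#$%&'*+-.^_`|~0123456789"
                  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
# A subset of the fields RFC 9110 says must not appear in a trailer section
# (message framing, routing, authentication and payload-description fields).
FORBIDDEN_TRAILERS = frozenset({"transfer-encoding", "content-length", "host",
                                "content-encoding", "content-type", "content-range",
                                "trailer", "authorization"})


class MalformedRequest(ValueError):
    """Raised for anything a proxy must answer with 400 rather than forward."""


def validate_field_name(name: str) -> str:
    """Return the name unchanged if every character is a tchar, else raise."""
    if not name or any(c not in TCHAR for c in name):
        raise MalformedRequest(f"illegal field name: {name!r}")
    return name


def parse_chunked(data: bytes):
    """Parse a chunked body; return (payload, trailers). Reject malformed input."""
    payload, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise MalformedRequest("unterminated chunk-size line")
        size_field = data[pos:eol].split(b";", 1)[0].rstrip(b" \t")  # drop chunk-ext
        if not re.fullmatch(rb"[0-9A-Fa-f]{1,16}", size_field):
            raise MalformedRequest(f"bad chunk size: {size_field!r}")
        size, pos = int(size_field, 16), eol + 2
        if size == 0:
            break
        chunk = data[pos:pos + size]
        if len(chunk) != size or data[pos + size:pos + size + 2] != b"\r\n":
            raise MalformedRequest("chunk data does not match chunk size")
        payload += chunk
        pos += size + 2
    trailers = []
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise MalformedRequest("unterminated trailer section")
        line, pos = data[pos:eol], eol + 2
        if not line:
            break                      # empty line ends the trailer section
        name, sep, value = line.partition(b":")
        if not sep:
            raise MalformedRequest("trailer line without ':'")
        try:
            name_text = validate_field_name(name.decode("ascii"))
        except UnicodeDecodeError:
            raise MalformedRequest("non-ASCII trailer name") from None
        if name_text.lower() in FORBIDDEN_TRAILERS:
            raise MalformedRequest(f"field not allowed in trailers: {name_text}")
        trailers.append((name_text, value.strip(b" \t").decode("latin-1")))
    if pos != len(data):
        # Bytes after the final CRLF would be read by the origin as the start
        # of a new request: exactly the desync a strict proxy must not pass on.
        raise MalformedRequest("data after end of chunked body")
    return bytes(payload), trailers


def rejects(data: bytes) -> bool:
    """True if the parser refuses the body (what a strict proxy answers 400 to)."""
    try:
        parse_chunked(data)
    except MalformedRequest:
        return True
    return False


# Constructed samples.
GOOD = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\nX-Checksum: abc\r\n\r\n"
BAD_TRAILER_NAME = b"0\r\nX Checksum: abc\r\n\r\n"        # space is not a tchar
FORBIDDEN_TRAILER = b"0\r\nContent-Length: 5\r\n\r\n"
SMUGGLED = GOOD + b"GET /admin HTTP/1.1\r\n\r\n"          # bytes after the body
```

The same validate_field_name check applies to request header lines before forwarding; the parser is strict about whitespace around the chunk size and between name and colon because every place a lenient proxy and a strict origin disagree is a place the two can be desynchronised.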