Vulnerabilities > Apache > Unomi > 1.5.1

DATE CVE VULNERABILITY TITLE RISK
2021-05-04 CVE-2021-31164 Injection vulnerability in Apache Unomi
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
network
low complexity
apache CWE-74
7.5
7.5
2020-11-24 CVE-2020-13942 Injection vulnerability in Apache Unomi 1.5.0/1.5.1
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint.
network
low complexity
apache CWE-74
critical
 9.8
9.8