Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-50213

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-24 Jun, 2025 | 07:06
Updated At-24 Jun, 2025 | 18:03
Rejected At-
Credits

Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:24 Jun, 2025 | 07:06
Updated At:24 Jun, 2025 | 18:03
Rejected At:
▼CVE Numbering Authority (CNA)
Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Airflow Providers Snowflake
Collection URL
https://pypi.python.org
Package Name
apache-airflow-providers-snowflake
Default Status
unaffected
Versions
Affected
  • From 0 before 6.4.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-75CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Type: CWE
CWE ID: CWE-75
Description: CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
low
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Nhien Pham (@nhienit) at Galaxy One
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/apache/airflow/pull/51734
patch
https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3
vendor-advisory
Hyperlink: https://github.com/apache/airflow/pull/51734
Resource:
patch
Hyperlink: https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:24 Jun, 2025 | 08:15
Updated At:11 Jul, 2025 | 18:36

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

The Apache Software Foundation
apache
>>apache-airflow-providers-snowflake>>Versions before 6.4.0(exclusive)
cpe:2.3:a:apache:apache-airflow-providers-snowflake:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-75Secondarysecurity@apache.org
CWE ID: CWE-75
Type: Secondary
Source: security@apache.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/apache/airflow/pull/51734security@apache.org
Issue Tracking
Patch
https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3security@apache.org
Mailing List
Vendor Advisory
Hyperlink: https://github.com/apache/airflow/pull/51734
Source: security@apache.org
Resource:
Issue Tracking
Patch
Hyperlink: https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3
Source: security@apache.org
Resource:
Mailing List
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

301Records found

CVE-2020-11981
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-91.16% / 99.63%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:21
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-11998
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-7.58% / 91.47%
||
7 Day CHG-9.02%
Published-10 Sep, 2020 | 18:10
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_diameter_signaling_routerenterprise_repositorycommunications_session_route_manageractivemqflexcube_private_bankingcommunications_session_report_managercommunications_element_managerApache ActiveMQ
CVE-2020-11982
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.66% / 90.02%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:21
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-11973
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-9.48% / 92.51%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 16:22
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_diameter_signaling_routercamelenterprise_manager_base_platformflexcube_private_bankingApache Camel
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-11995
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.42% / 79.78%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 09:40
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Dubbo default deserialization protocol Hessian2 cause CRE

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-42013
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.43% / 99.98%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:50
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectThe Apache Software FoundationOracle Corporation
Product-instantis_enterprisetrackcloud_backuphttp_serverfedorasecure_backupjd_edwards_enterpriseone_toolsApache HTTP ServerHTTP Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-48913
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 09:21
Updated-14 Aug, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXF
CWE ID-CWE-20
Improper Input Validation
CVE-2021-41303
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-61.81% / 98.27%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 08:20
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-shirofinancial_services_crime_and_compliance_management_studioApache Shiro
CWE ID-CWE-287
Improper Authentication
CVE-2023-35088
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.55%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 07:10
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache InLong: SQL injection in audit endpoint

Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.  In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198

Action-Not Available
Vendor-The Apache Software Foundation
Product-inlongApache InLonginlong
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-40146
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.21% / 86.53%
||
7 Day CHG~0.00%
Published-11 Sep, 2021 | 11:05
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.

Action-Not Available
Vendor-The Apache Software Foundation
Product-any23Apache Any23
CVE-2021-40865
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-49.40% / 97.71%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 12:22
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe Pre-Authentication Deserialization In Workers

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4

Action-Not Available
Vendor-The Apache Software Foundation
Product-stormApache Storm
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-37579
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-4.56% / 88.77%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:45
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass deserialization checks in Apache Dubbo

The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching a deserialization operation with native java serialization. Apache Dubbo 2.7.13, 3.0.2 fixed this issue by quickly fail when any unrecognized request was found.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47868
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.76%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 11:00
Updated-17 Jun, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition.

Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-nuttxApache NuttX RTOS: tools/bdf-converter.
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47869
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.76%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 11:00
Updated-17 Jun, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0. Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-nuttxApache NuttX RTOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-46762
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.54%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 09:08
Updated-13 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be executed. The exploit is only applicable if the client code of parquet-avro uses the "specific" or the "reflect" models deliberately for reading Parquet files. ("generic" model is not impacted) Users are recommended to upgrade to 1.15.2 or set the system property "org.apache.parquet.avro.SERIALIZABLE_PACKAGES" to an empty string on 1.15.1. Both are sufficient to fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-parquetApache Parquet Java
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-47436
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6||MEDIUM
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 13:11
Updated-14 Jul, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-orcApache ORC
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-43668
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 13.70%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:07
Updated-16 Sep, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache InLong: Jdbc Connection Security Bypass in InLong

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,  some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... .   Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/8604

Action-Not Available
Vendor-The Apache Software Foundation
Product-inlongApache InLonginlong
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2017-5638
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.27% / 99.93%
||
7 Day CHG~0.00%
Published-11 Mar, 2017 | 02:11
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

Action-Not Available
Vendor-NetApp, Inc.HP Inc.Lenovo Group LimitedAruba NetworksIBM CorporationThe Apache Software FoundationOracle Corporation
Product-strutsstorwize_v7000storage_v5030weblogic_serverstorwize_v3500_firmwareclearpass_policy_manageroncommand_balancestorage_v5030_firmwarestorwize_v7000_firmwarestorwize_v5000storwize_v3500storwize_v5000_firmwareserver_automationApache StrutsStruts
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2017-5645
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.01% / 99.89%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle CorporationNetApp, Inc.
Product-flexcube_investor_servicingenterprise_linux_desktopinstantis_enterprisetrackfinancial_services_profitability_managementpeoplesoft_enterprise_fin_installsiebel_ui_frameworkmysql_enterprise_monitorcommunications_online_mediation_controlleroncommand_insightrapid_planningoncommand_api_servicesfinancial_services_loan_loss_forecasting_and_provisioningretail_service_backboneinsurance_rules_paletteapplication_testing_suitecommunications_pricing_design_centercommunications_messaging_serverenterprise_manager_base_platformendeca_information_discovery_studioretail_extract_transform_and_loadfinancial_services_behavior_detection_platforminsurance_calculation_enginejdeveloperenterprise_linux_server_tuspolicy_automation_connector_for_siebelfusion_middleware_mapviewerenterprise_manager_for_fusion_middlewareprimavera_gatewayfinancial_services_hedge_management_and_ifrs_valuationsutilities_advanced_spatial_and_operational_analyticsenterprise_linux_server_ausbanking_platformretail_integration_busconfiguration_managersnapcenterenterprise_manager_for_peoplesoftutilities_work_and_asset_managementfinancial_services_analytical_applications_infrastructureretail_advanced_inventory_planninggoldengatepolicy_automationfinancial_services_regulatory_reporting_with_agilereporterjd_edwards_enterpriseone_toolsstorage_automation_storeretail_predictive_application_servercommunications_network_integrityenterprise_manager_for_mysql_databaseapi_gatewayenterprise_linux_server_eusenterprise_linuxtape_library_acslspolicy_automation_for_mobile_devicessoa_suiteretail_open_commerce_platformidentity_manager_connectorbi_publisherinsurance_policy_administrationcommunications_webrtc_session_controllerweblogic_serveridentity_analyticscommunications_converged_application_server_-_service_controllerenterprise_linux_workstationidentity_management_suiteenterprise_linux_servertimesten_in-memory_databaselog4jcommunications_instant_messaging_serverservice_level_managerautovue_vuelink_integrationenterprise_manager_for_oracle_databasefuseretail_clearance_optimization_enginecommunications_service_brokercommunications_interactive_session_recorderfinancial_services_lending_and_leasingoncommand_workflow_automationenterprise_data_qualitygoldengate_application_adaptersin-memory_performance-driven_planningApache Log4j
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-12629
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.89% / 99.87%
||
7 Day CHG~0.00%
Published-14 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.The Apache Software Foundation
Product-jboss_enterprise_application_platformsolrdebian_linuxenterprise_linux_serverubuntu_linuxApache Solr before 7.1 with Apache Lucene before 7.1
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-41313
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.16%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:16
Updated-30 Jun, 2025 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Doris: Timing Attack weakness

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dorisApache Dorisdoris
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2021-38540
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-89.91% / 99.55%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 15:05
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow: Variable Import endpoint missed authentication check

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-29953
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.97%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 15:23
Updated-09 Jul, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed. The .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether. Users are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future.

Action-Not Available
Vendor-The Apache Software Foundation
Product-activemq_nms_openwireApache ActiveMQ NMS OpenWire Client
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-38647
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 07:52
Updated-02 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Helix: Deserialization vulnerability in Helix workflow and REST

An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run in Helix REST start and Workflow creation. Affect all the versions lower and include 1.2.0. Affected products: helix-core, helix-rest Mitigation: Short term, stop using any YAML based configuration and workflow creation.                   Long term, all Helix version bumping up to 1.3.0 

Action-Not Available
Vendor-The Apache Software Foundation
Product-helixApache Helixhelix
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-37582
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-88.38% / 99.47%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 09:26
Updated-23 Apr, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache RocketMQ: Possible remote code execution when using the update configuration function

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.

Action-Not Available
Vendor-The Apache Software Foundation
Product-rocketmqApache RocketMQ
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-28326
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.88%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 12:36
Updated-23 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OpenMeetings: allows user impersonation

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room

Action-Not Available
Vendor-The Apache Software Foundation
Product-openmeetingsApache OpenMeetingsopenmeetings
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-37924
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-77.07% / 98.92%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 09:19
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Submarine: SQL injection from unauthorized login

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.

Action-Not Available
Vendor-The Apache Software Foundation
Product-submarineApache Submarine
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-37895
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-7.92% / 91.69%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 14:02
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Jackrabbit RMI access can lead to RCE

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like "netstat" can be used to check. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control. Turning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:         <servlet>             <servlet-name>RMI</servlet-name>             <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>         </servlet>         <servlet-mapping>             <servlet-name>RMI</servlet-name>             <url-pattern>/rmi</url-pattern>         </servlet-mapping> Find the bootstrap.properties file (in $REPOSITORY_HOME), and set         rmi.enabled=false     and also remove         rmi.host         rmi.port         rmi.url-pattern  If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.

Action-Not Available
Vendor-The Apache Software Foundation
Product-jackrabbitApache Jackrabbit Webapp (jackrabbit-webapp)Apache Jackrabbit Standalone (jackrabbit-standalone and jackrabbit-standalone-components)jackrabbit
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-39275
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-44.80% / 97.49%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-01 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ap_escape_quotes buffer overflow

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-Fedora ProjectOracle CorporationThe Apache Software FoundationDebian GNU/LinuxNetApp, Inc.Siemens AG
Product-debian_linuxfedorasinec_nmshttp_servercloud_backupsinema_serverzfs_storage_appliance_kitinstantis_enterprisetrackstoragegridclustered_data_ontapApache HTTP Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-3923
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-90.65% / 99.60%
||
7 Day CHG~0.00%
Published-01 Nov, 2019 | 13:57
Updated-06 Aug, 2024 | 23:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-strutsjboss_enterprise_web_serverStruts
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-35797
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 72.06%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 09:08
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow Hive Provider Beeline RCE with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-apache-hiveApache Airflow Apache Hive Providerapache-airflow-providers-apache-hive
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15708
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-23.68% / 95.78%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-financial_services_market_risk_measurement_and_managementsynapsepeoplesoft_enterprise_peopletoolsApache Synapse
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-34478
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 18:24
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+

Action-Not Available
Vendor-The Apache Software Foundation
Product-shiroApache Shiroshiro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-34340
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 27.24%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 07:01
Updated-09 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-accumuloApache Accumuloaccumulo
CWE ID-CWE-287
Improper Authentication
CVE-2023-33246
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.36% / 99.96%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 14:45
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-09-27||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .

Action-Not Available
Vendor-The Apache Software Foundation
Product-rocketmqApache RocketMQRocketMQ
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-38294
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.81% / 99.44%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 12:22
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shell Command Injection Vulnerability in Nimbus Thrift Server

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

Action-Not Available
Vendor-The Apache Software Foundation
Product-stormApache Storm
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-30771
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.79%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 07:26
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.

Action-Not Available
Vendor-The Apache Software Foundation
Product-iotdb_web_workbenchApache IoTDB Workbenchiotdb
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-37580
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.99% / 99.88%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 09:35
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ShenYu Admin bypass JWT authentication

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Action-Not Available
Vendor-The Apache Software Foundation
Product-shenyuApache ShenYu Admin
CWE ID-CWE-287
Improper Authentication
CVE-2023-31062
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.58%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 15:47
Updated-09 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache InLong: Privilege escalation vulnerability for InLong

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.

Action-Not Available
Vendor-The Apache Software Foundation
Product-inlongApache InLonginlong
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37578
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 07:05
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via RMI

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed.

Action-Not Available
Vendor-The Apache Software Foundation
Product-juddiApache jUDDI
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-31039
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 08:57
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link:  https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:  https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218

Action-Not Available
Vendor-The Apache Software Foundation
Product-brpcApache bRPCbrpc
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36372
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.33%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 09:20
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Original block tokens are persisted and can be retrieved

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ozoneApache Ozone
CWE ID-CWE-273
Improper Check for Dropped Privileges
CVE-2023-29215
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.30%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 07:35
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Linkis JDBC EngineCon has a deserialization command execution

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.

Action-Not Available
Vendor-The Apache Software Foundation
Product-linkisApache Linkislinkis
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-36161
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.73% / 85.40%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 07:45
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unprotected input value toString cause RCE

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-29234
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.82% / 99.44%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 08:14
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass serialize checks in Apache Dubbo

A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-36163
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 81.03%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 09:25
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe deserialization in providers using the Hessian protocol

In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton: New HessianSkeleton are created without any configuration of the serialization factory and therefore without applying the dubbo properties for applying allowed or blocked type lists. In addition, the generic service is always exposed and therefore attackers do not need to figure out a valid service/method name pair. This is fixed in 2.7.13, 2.6.10.1

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-28706
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 75.95%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 14:54
Updated-22 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow Hive Provider Beeline Remote Command Execution

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflow_hive_providerApache Airflow Hive Providerairflow_hive_provider
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27524
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.9||HIGH
EPSS-80.41% / 99.09%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 15:28
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-01-29||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache SupersetSuperset
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2017-12621
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-commons_jellyApache Commons Jelly
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-27602
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.30%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 07:36
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Linkis publicsercice module unrestricted upload of file

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2.  For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`

Action-Not Available
Vendor-The Apache Software Foundation
Product-linkisApache Linkislinkis
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found