CVE-2020-1964

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
Configurations

Configuration 1

cpe:2.3:a:apache:heron:0.20.2-incubating:*:*:*:*:*:*:*
cpe:2.3:a:apache:heron:0.20.1-incubating:-:*:*:*:*:*:*
cpe:2.3:a:apache:heron:0.20.0-incubating:*:*:*:*:*:*:*

Information

Published : 2020-04-16 07:15

Updated : 2020-06-15 09:15


NVD link : CVE-2020-1964

Mitre link : CVE-2020-1964

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data