Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable… Read More »CVE-2022-39135 | Apache Calcite
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped… Read More »CVE-2020-11978 | Apache Airflow
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers… Read More »CVE-2023-41834 | Apache Flink Stateful Functions
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended… Read More »CVE-2023-42503 | Apache Commons Compress
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was… Read More »CVE-2023-41267 | Apache Airflow HDFS Provider
The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included “JkOptions +ForwardDirectories” but the configuration did not provide explicit mounts for… Read More »CVE-2023-41081 | Apache Tomcat Connectors
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft… Read More »CVE-2023-40712 | Apache Airflow
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting… Read More »CVE-2023-40611 | Apache Airflow
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin… Read More »CVE-2023-27522 | Apache HTTP Server
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along… Read More »CVE-2023-25690 | Apache HTTP Server
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into… Read More »CVE-2022-37436 | Apache HTTP Server
Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server… Read More »CVE-2022-36760 | Apache HTTP Server
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond… Read More »CVE-2006-20001 | Apache HTTP Server
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue… Read More »CVE-2022-24963 | Apache Portable Runtime (APR)
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote… Read More »CVE-2023-37941 | Apache Superset