Critical severity9.8NVD Advisory· Published Apr 16, 2020· Updated Jun 17, 2026
CVE-2020-1964
CVE-2020-1964
Description
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.heron:heron-simulatorMaven | >= 0.20.0-incubating, < 0.20.3-incubating | 0.20.3-incubating |
Affected products
2- Apache/Herondescription
- ghsa-coordsRange: >= 0.20.0-incubating, < 0.20.3-incubating
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-hjgm-f7vx-m5g7ghsaADVISORY
- lists.apache.org/thread.html/r16dd39f4180e4443ef4ca774a3a5a3d7ac69f91812c183ed2a99e959%40%3Cdev.heron.apache.org%3EnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-1964ghsaADVISORY
- lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3EghsaWEB
- lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3EghsaWEB
- lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67%40%3Cdev.ignite.apache.org%3Envd
- lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94%40%3Cdev.ignite.apache.org%3Envd
- lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94%40%3Cuser.ignite.apache.org%3Envd
- lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755%40%3Cdev.ignite.apache.org%3Envd
News mentions
0No linked articles in our index yet.