Critical severity · NVD Advisory · Published Oct 24, 2022 · Updated May 7, 2025
CRLF log injection
CVE-2021-42010
Description
Heron versions <= 0.20.4-incubating allow CRLF log injection because log statements do not escape their input. Please update to version 0.20.5-incubating, which addresses this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.heron:heron-api (Maven) | < 0.20.5-incubating | 0.20.5-incubating |
Affected products
- Apache Software Foundation/Apache Heron (Incubating) · v5 · Range: Apache Heron 0.20.4-incubating
References
- github.com/advisories/GHSA-95w5-q9vp-5vrm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-42010 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2022/10/23/2 (ghsa, mailing-list, WEB)
- lists.apache.org/thread/j65nwr8n7jchngwqptzh100drcr4ry2q (ghsa, WEB)