VYPR

Helix

by Apache

Source repositories

CVEs (2)

  • CVE-2023-38647Jul 26, 2023
    risk 0.00cvss epss 0.02

    An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code…

  • CVE-2022-47500Dec 19, 2022
    risk 0.00cvss epss 0.01

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI…