Vulnerability Details CVE-2020-1964

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating do not configure their YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability (CWE-502: Deserialization of Untrusted Data).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.099
EPSS Ranking 92.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-1964
  • Apache » Heron » Version: 0.20.0-incubating
    cpe:2.3:a:apache:heron:0.20.0-incubating
  • Apache » Heron » Version: 0.20.1-incubating
    cpe:2.3:a:apache:heron:0.20.1-incubating
  • Apache » Heron » Version: 0.20.2-incubating
    cpe:2.3:a:apache:heron:0.20.2-incubating

