Apache: Security Vulnerabilities
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-03-07
Improper Input Validation vulnerability in the Apache Airflow Google Provider.
This issue affects Apache Airflow Google Provider versions before 8.10.0.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-02-24
Improper Input Validation vulnerability in the Apache Airflow Google Provider.
This issue affects Apache Airflow Google Provider versions before 8.10.0.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-02-24
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-02-24
Improper Input Validation vulnerability in the Apache Airflow Hive Provider.
This issue affects Apache Airflow Hive Provider versions before 5.1.3.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-02-24
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.
This issue affects Apache Airflow AWS Provider versions before 7.2.1.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-02-24
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling.
Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example an attacker might fool someone by changing the text on a delete button to "Info".
This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit by default i18m dictionaries to certain paths in the repository (/libs and /apps).
Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-02-23
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
CVSS Score
7.5
EPSS Score
0.478
Published
2023-02-20
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-02-20
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu.
ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own.
This issue affects Apache ShenYu: 2.5.0.
Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .
CVSS Score
8.8
EPSS Score
0.004
Published
2023-02-15