CVE-2020-1964

Name of the Vulnerable Software and Affected Versions Apache Heron versions 0.20.0-incubating through 0.20.2-incubating

Description The issue is related to the deserialization of untrusted data, allowing for remote code execution. This occurs because the YAML parser is not configured to prevent the instantiation of arbitrary types.

Recommendations For Apache Heron versions 0.20.0-incubating through 0.20.2-incubating, consider configuring the YAML parser to prevent the instantiation of arbitrary types as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.