PT-2022-11530 · Heron · Heron
Bo Yu · Published 2022-10-24 · Updated 2023-08-08
CVE-2021-42010
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Heron versions <= 0.20.4-incubating
Description
Heron does not escape values written by its log statements, which permits CRLF log injection and, as a result, potential manipulation of log contents. Version 0.20.5-incubating contains the necessary fixes, so updating to it is recommended.
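The following is an added example, not Heron's code or its actual fix: a Python `logging` filter that neutralizes CR/LF before a record is written, shown next to the unescaped behaviour this class of bug produces. The logger name, message text and sample value are constructed for illustration.

```python
import io
import logging


def neutralize(text):
    """Escape backslash, CR and LF so one log event always stays on one line."""
    # Backslash is escaped first so a literal "\n" typed by a user cannot be
    # confused with an escaped newline when the log is read back.
    return text.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")


class CrlfEscapingFilter(logging.Filter):
    """Format the message, escape it, and drop the args so it is not re-formatted."""

    def filter(self, record):
        record.msg = neutralize(record.getMessage())
        record.args = ()
        return True


def render(untrusted, sanitize):
    """Log one event containing `untrusted` and return the text that was emitted."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if sanitize:
        handler.addFilter(CrlfEscapingFilter())
    logger = logging.Logger("demo")  # stand-alone logger, hypothetical name
    logger.addHandler(handler)
    logger.info("request name=%s", untrusted)  # hypothetical log statement
    return stream.getvalue()


# Constructed input: a value carrying CRLF followed by text shaped like a log line.
SAMPLE = "wordcount\r\nINFO forged entry"

if __name__ == "__main__":
    print(render(SAMPLE, sanitize=False), end="")  # two lines: the second is injected
    print(render(SAMPLE, sanitize=True), end="")   # one line, CR/LF shown as \r\n
```

Attaching the filter to the handler rather than escaping at each call site means log statements added later are covered as well.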
Recommendations
For Heron versions <= 0.20.4-incubating, update to version 0.20.5-incubating to resolve the issue.
Fix
Improper Encoding or Escaping of Output
Weakness Enumeration
Related Identifiers
Affected Products
Heron