CVE-2025-48977

CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...

CVE-2025-48977 Apache Ignite: REST HTTP arbitrary file read vulnerability

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

PT-2026-44225

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

Apache Ignite 安全漏洞

Apache Ignite is a high-performance, integrated, and distributed memory computing and transaction management platform for large-scale data sets, developed by the Apache Foundation. Security vulnerabilities exist in the Apache Ignite REST API versions 2.0.0 to 2.17.0. These vulnerabilities stem fr...

EUVD-2018-0661

Malware in sbrugna...

EUVD-2017-0146

Malware in sbrugna...

EUVD-2018-0580

Malware in sbrugna...

EUVD-2018-0554

Malware in sbrugna...

EUVD-2020-0461

Malware in sbrugna...

EUVD-2025-4892

Malicious code in bioql PyPI...

Remote Code Execution (RCE)

Apache Ignite is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper deserialization due to the configured Class Serialization Filters being ignored for some Ignite endpoints, allowing an attacker to send a maliciously crafted message that executes arbitrary code on the...

CVE-2024-52577

A flaw was found in Apache Ignite. This vulnerability allows remote code execution via specially crafted Ignite messages that bypass Class Serialization Filters. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Securit...

GHSA-8355-XJ3P-HV6Q Apache Ignite: Possible RCE when deserializing incoming messages by the server node

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

Apache Ignite: Possible RCE when deserializing incoming messages by the server node

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

CVE-2024-52577

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

CVE-2024-52577

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

CVE-2024-52577 Apache Ignite: Possible RCE when deserializing incoming messages by the server node

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

CVE-2024-52577 Apache Ignite: Possible RCE when deserializing incoming messages by the server node

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

CVE-2024-52577

CVE-2024-52577 concerns Apache Ignite: versions 2.6.0 through

PT-2025-6710 · Apache · Apache Ignite

Name of the Vulnerable Software and Affected Versions: Apache Ignite versions 2.6.0 through 2.17.0 Description: The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it t...