3 matches found
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-15695 via org.apache.geode:geode-core (>=1.10.0 <=1.4.0)
org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.16.0, =1.14.0, =1.4.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-15695 Source advisory: OSV:GHSA-JMG4-X4VP-6C6X...
CVE-2017-15695
When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...
CVE-2017-15695
CVE-2017-15695 affects Apache Geode server versions 1.0.0–1.4.0 when configured with a security manager. A user with the privileges DATA:WRITE can deploy code by invoking an internal Geode function, enabling remote code execution. The proper restriction is that code deployment should be limited t...