com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-9796 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9796 Source advisory: OSV:GHSA-Q7CP-R6CJ-HPF5...

CVE-2017-9796

CVE-2017-9796 affects Apache Geode prior to v1.3.0 when operating in secure mode. A user with read access to certain regions can have their OQL query bind parameter specify a region name, which may grant read access to objects in unauthorized regions. This is documented in multiple sources (GitHu...