Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/09/01 12:0 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=2.0.0 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.0 <=3.0.4) +53 more potentially affected by CVE-2022-37023 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.14.4)

org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =2.0.0, =2.0.0, =2.0.0, =0.3.12, =0.3.5, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.14.4 and more Source cves: CVE-2022-37023 Source advisory: OSV:GHSA-72X9-48MC-PHH6...

6.5CVSS6.5AI score0.01335EPSS
Exploits0
NVD
NVD
added 2022/08/31 7:15 a.m.17 views

CVE-2022-37023

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

6.5CVSS0.01335EPSS
Exploits0References1
CVE
CVE
added 2022/08/31 7:0 a.m.471 views

CVE-2022-37023

Apache Geode (prior to 1.15.0) is vulnerable to deserialization of untrusted data via REST APIs when running on Java 8 or Java 11. The root cause is untrusted data deserialization during REST operations, enabling attackers to potentially execute arbitrary code. Mitigation per the sources is to up...

6.5CVSS6.5AI score0.01335EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/31 7:0 a.m.19 views

CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...

6.7AI score0.01335EPSS
Exploits0References1
Rows per page
Query Builder