4 matches found
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=2.0.0 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.0 <=3.0.4) +53 more potentially affected by CVE-2022-37023 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.14.4)
org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =2.0.0, =2.0.0, =2.0.0, =0.3.12, =0.3.5, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.14.4 and more Source cves: CVE-2022-37023 Source advisory: OSV:GHSA-72X9-48MC-PHH6...
CVE-2022-37023
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...
CVE-2022-37023
Apache Geode (prior to 1.15.0) is vulnerable to deserialization of untrusted data via REST APIs when running on Java 8 or Java 11. The root cause is untrusted data deserialization during REST operations, enabling attackers to potentially execute arbitrary code. Mitigation per the sources is to up...
CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details o...