16 matches found
GHSA-GJP8-99FV-CGCW Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
CVE-2025-47410 Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
CVE-2025-47410 Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...
EUVD-2016-10674
Malware in sbrugna...
EUVD-2022-4038
Malicious code in bioql PyPI...
EUVD-2022-2127
Malicious code in bioql PyPI...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=2.0.0 <=2.0.1), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.0 <=2.0.1) +51 more potentially affected by CVE-2022-37021 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.12.1)
org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =2.0.0, =2.0.0, =2.0.0, =0.3.12, =0.3.5, =2.4.0, =1.22.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.0.0-incubating, =1.12.1 and more Source cves: CVE-2022-37021 Source advisory: OSV:GHSA-Q4Q3-R45F-7GWG...
Apache Geode versions deserialization of untrusted data when using JMX over RMI on Java 11
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will...
Apache Geode gfsh query vulnerability
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
GHSA-H22R-H77W-2G5F Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
Unauthorized Access
geode-core is vulnerable to unauthorized access through gfsh authorization. The vulnerability exists because a user who is connected to the Geode cluster using the gfsh tool over HTTP is able to read status information as well as control cluster members even without CLUSTER:MANAGE privileges...
Information Disclosure
geode-core is vulnerable to information disclosure. The library has a bug in the gfsh query pagination, causing gfsh queries to return sensitive information from a different user...
Command injection
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
CVE-2017-9794
The CVE-2017-9794 entry describes an information-disclosure flaw in Apache Geode prior to version 1.2.1: when a cluster runs in secure mode, a user with read access to certain data regions can use the gfsh CLI to run queries, and query results may include data from another user’s concurrent gfsh ...
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...