Lucene search
+L

4 matches found

github
github
added 2018/10/16 8:53 p.m.34 views

Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.8CVSS3AI score0.06705EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2018/04/03 9:19 a.m.30 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.8CVSS2.9AI score0.06705EPSS
Exploits0References2
nvd
nvd
added 2018/04/02 5:29 p.m.38 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.8CVSS9.5AI score0.06705EPSS
Exploits0References3
cvelist
cvelist
added 2018/04/02 5:0 p.m.42 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.6AI score0.06705EPSS
Exploits0References3
Rows per page
Query Builder