8 matches found
Relative Path Traversal
Overview: org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...
Deserialization of Untrusted Data
Overview: org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Deserialization of Untrusted...
be.cylab.mark:example (>=0.0.22 <=0.0.28), be.cylab.mark:server (>=0.0.10 <=0.0.28) +307 more potentially affected by CVE-2020-1963 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=2.8.0)
org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =0.0.22, =0.0.10, =v1.0.0, =1.4.0, =7.6.1, =8.11.0, =8.11.0, =8.0.0, =1.0.0, =3.0.0-beta1, =1.0.0.RELEASE, =0.1.2, =0.14.0-RC1 and more Source cves: CVE-2020-1963 Source advisory: OSV:GHSA-5WM5-8Q42-RHXG...
cn.youweisoft:sparrow-permission (>=1.4.0 <=1.6.0), com.bucket4j:bucket4j-ignite (>=7.6.1 <=8.10.1) +267 more potentially affected by CVE-2018-8018 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=2.5.0)
org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =1.4.0, =7.6.1, =8.11.0, =8.11.0, =8.0.0, =1.0.0, =3.0.0-beta1, =0.1.2, =1.5.1, =2.0, =0.0.1, =1.1.0 - com.github.itzmedinesh:micro-cache-grid =1.0.0 and more Source cves: CVE-2018-8018 Source advisory: OSV:GHSA-QCJV-WFCG-MMPR...
cn.youweisoft:sparrow-permission (>=1.4.0 <=1.6.0), com.bucket4j:bucket4j-ignite (>=7.6.1 <=8.10.1) +257 more potentially affected by CVE-2018-1295 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=2.3.0)
org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =1.4.0, =7.6.1, =8.11.0, =8.11.0, =8.0.0, =1.0.0, =3.0.0-beta1, =0.9.1, =1.5.1, =2.0, =0.0.1, =1.0, =1.01 - com.github.rubanm:ignite-scala2.10 =0.0.1 and more Source cves: CVE-2018-1295 Source advisory: OSV:GHSA-CHP4-RV79-68J3...
com.ecfront:ezf-message (>=3.0.0-beta1 <=3.0.0-beta3), com.github.dexecutor:dexecutor-ignite (>=0.0.1 <=1.0.1) +91 more potentially affected by CVE-2016-6805 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=1.8.0)
org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =3.0.0-beta1, =0.0.1, =1.0, =1.1.0-RELEASE, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.10 and more Source cves: CVE-2016-6805 Source advisory: OSV:GHSA-8QFC-CVJP-MGPQ...
com.ecfront.dew:cluster-spi-ignite (>=1.0.0 <=1.1.4), com.ecfront:ezf-message (>=3.0.0-beta1 <=3.0.0-beta3) +103 more potentially affected by CVE-2017-7686 via org.apache.ignite:ignite-core (>=1.0.0-RC1 <=2.0.0)
org.apache.ignite:ignite-core MAVEN version =1.0.0-RC1, =1.0.0, =3.0.0-beta1, =0.0.1, =1.0, =1.1.0-RELEASE, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.5, =0.0.5, =0.0.5, =0.0.8 and more Source cves: CVE-2017-7686 Source advisory: OSV:GHSA-8P83-68CW-943F...
Remote Code Execution (RCE)
ignite-core is vulnerable to remote code execution (RCE) attacks. The library does not restrict the types of classes that can be serialized or deserialized, allowing a malicious user to pass a serialized class to the GridClientJdkMarshaller endpoint to inject and execute arbitrary code...