2 matches found
CVE-2022-37021
Apache Geode is vulnerable to deserialization of untrusted data when using JMX over RMI on Java 8 in versions up to 1.12.5, 1.13.4, and 1.14.0. The advised fix is to upgrade to Geode 1.15 with Java 11. If Java 11 is not possible, upgrade to Geode 1.15 and start Locators/Servers with --J=-Dgeode.e...
CVE-2021-34797
CVE-2021-34797 affects Apache Geode up to 1.12.4 and 1.13.4, where log file redaction mishandles values starting with non-alphanumeric characters for passwords and security properties prefixed with “sysprop-”, “javax.net.ssl”, or “security-”. This could lead to sensitive information being written...