9 matches found
CVE-2024-52577
CVE-2024-52577 concerns Apache Ignite: versions 2.6.0 through
CVE-2018-1273
CVE-2018-1273 is a remote code execution vulnerability in Spring Data Commons (affecting versions prior to 1.13.10 and 2.0–2.0.5, plus older unsupported builds). An unauthenticated attacker could supply crafted request parameters against Spring Data REST HTTP resources or via Spring Data projecti...
CVE-2021-28163
CVE-2021-28163 (Jetty symlink handling) is reported across multiple IBM advisories as a vulnerability in Eclipse Jetty where, if the ${jetty.base} or ${jetty.base}/webapps directory is a symlink, an attacker could obtain the contents of the webapps directory. IBM documents list affected products s...
CVE-2018-8018
Impacted component: Apache Ignite. Affected versions include before 2.4.8 and 2.5.x before 2.5.3, where the serialization mechanism does not maintain a whitelist of allowed classes. Root cause: grids deserializing untrusted data via GridClientJdkMarshaller without a restricted class list, enablin...
CVE-2018-1295
CVE-2018-1295 affects Apache Ignite 2.3 and earlier. The root cause is the serialization mechanism lacking a whitelist of allowed classes, enabling arbitrary code execution when a crafted serialized object is deserialized at endpoints such as discovery SPI, Ignite persistence, Memcached endpoint,...
CVE-2020-1963
Apache Ignite (which uses H2 for its distributed SQL execution) has a vulnerability where H2 SQL functions could be abused to access the filesystem. The connected advisories corroborate that this vulnerability involves file-system access via H2 within Ignite. No exploit specifics, affected versio...
CVE-2017-7686
Apache Ignite versions 1.0.0-RC3 through 2.0 are affected by an information disclosure vulnerability stemming from an update notifier that communicates to an external PHP server (ignite.run) and transmits system properties (e.g., Ignite/Java version) that may contain user‑sensitive information. I...
CVE-2016-6805
Summary: CVE-2016-6805 affects Apache Ignite before 1.9. The issue arises from an XML External Entity (XXE) vulnerability in the update-notifier documents, allowing a man-in-the-middle to read arbitrary files. The description in connected sources consistently cites the XXE flaw as the root cause...
CVE-2025-48977
CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...