Ignite Security Vulnerabilities and Issues — Ignite CVE List

Lucene search

ApacheIgnite

8 matches found

CVE•added 2025/02/14 10:15 a.m.•2248 views

CVE-2024-52577

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server clas...

9.5CVSS7.4AI score0.00832EPSS

CVE•added 2018/04/11 1:29 p.m.•1092 views

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters...

9.8CVSS9.6AI score0.94208EPSS

CVE•added 2021/04/01 3:15 p.m.•342 views

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that dir...

4CVSS5.1AI score0.00181EPSS

CVE•added 2020/06/03 1:15 p.m.•85 views

CVE-2020-1963

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

9.1CVSS9.2AI score0.04667EPSS

CVE•added 2018/07/20 1:29 a.m.•82 views

CVE-2018-8018

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exp...

9.8CVSS9.4AI score0.06261EPSS

CVE•added 2017/06/28 1:29 p.m.•80 views

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send s...

7.5CVSS7.5AI score0.0117EPSS

CVE•added 2018/04/02 5:29 p.m.•80 views

CVE-2018-1295

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sen...

9.8CVSS9.4AI score0.05856EPSS

CVE•added 2017/04/07 7:59 p.m.•68 views

CVE-2016-6805

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

5.9CVSS5.6AI score0.00926EPSS