geode-core is vulnerable to unauthorized read and write access. An OQL method invocation vulnerability exists which allows a user with read access within a Geode cluster to execute OQL queries which leads to read and write access to objects within unauthorized regions. Additionally, a user may also invoke methods that allow remote code execution.