logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2020-1963 org.apache.ignite:ignite-core

Package

Manager: maven
Name: org.apache.ignite:ignite-core
Vulnerable Version: >=0 <2.8.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.04667 pctl0.88898

Details

File system access via H2 in Apache Ignite Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

Metadata

Created: 2020-06-05T16:11:02Z
Modified: 2022-02-08T22:05:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-5wm5-8q42-rhxg/GHSA-5wm5-8q42-rhxg.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-5wm5-8q42-rhxg
Finding: F039
Auto approve: 1