logo

Database

XML injection (XXE) In org.apache.ignite:ignite-core

Description

Moderate severity vulnerability that affects org.apache.ignite:ignite-core Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-68052. NVD-2016-68053. OSV-2016-68054. GHSA-8qfc-cvjp-mgpq5. GCVE-2016-6805

References

1. http://seclists.org/oss-sec/2017/q2/312. http://www.securityfocus.com/bid/97509

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.