org.apache.ignite:ignite-core 2.7.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.ignite:ignite-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to Class Serialization Filters being ignored for some Ignite endpoints. An attacker can execute arbitrary code on the server by sending a crafted message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. How to fix Deserialization of Untrusted Data? Upgrade `org.apache.ignite:ignite-core` to version 2.17.0 or higher.	[2.6.0,2.17.0)
H Memory Leak org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Memory Leak via the thin client protocol, which interprets the first 4 bytes as message size and allocates an array for it. Any "big" 4 bytes sent on a thin client port could lead to Out Of Memory. How to fix Memory Leak? Upgrade `org.apache.ignite:ignite-core` to version 2.13.0 or higher.	[,2.13.0)
C Incorrect Authorization org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Incorrect Authorization. It uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. How to fix Incorrect Authorization? Upgrade `org.apache.ignite:ignite-core` to version 2.8.1 or higher.	[,2.8.1)
M Denial of Service (DoS) org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Denial of Service (DoS). A firewall configuration issue may effectively lead to a cluster DDoS. How to fix Denial of Service (DoS)? Upgrade `org.apache.ignite:ignite-core` to version 2.8 or higher.	[1.7,2.8)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to Class Serialization Filters being ignored for some Ignite endpoints. An attacker can execute arbitrary code on the server by sending a crafted message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints.

How to fix Deserialization of Untrusted Data?

Upgrade org.apache.ignite:ignite-core to version 2.17.0 or higher.

[2.6.0,2.17.0)

Memory Leak

Affected versions of this package are vulnerable to Memory Leak via the thin client protocol, which interprets the first 4 bytes as message size and allocates an array for it. Any "big" 4 bytes sent on a thin client port could lead to Out Of Memory.

How to fix Memory Leak?

Upgrade org.apache.ignite:ignite-core to version 2.13.0 or higher.

[,2.13.0)

Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization. It uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

How to fix Incorrect Authorization?

Upgrade org.apache.ignite:ignite-core to version 2.8.1 or higher.

[,2.8.1)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS). A firewall configuration issue may effectively lead to a cluster DDoS.

How to fix Denial of Service (DoS)?

Upgrade org.apache.ignite:ignite-core to version 2.8 or higher.

[1.7,2.8)

org.apache.ignite:ignite-core@2.7.0 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically