Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-ORGAPACHEGEODE-32373
- published 13 Jun 2018
- disclosed 13 Jun 2018
- credit Unknown
How to fix?
org.apache.geode:geode-core to version 1.5.0 or higher.
org.apache.geode:geode-core is a data management platform that provides real-time, consistent access to data-intensive applications throughout widely distributed cloud architectures.
Affected versions of this package are vulnerable to Arbitrary Code Execution. When a Geode server is configured with a security manager, a user with
DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function.