Lucene search
GoogleOSV:GHSA-6M68-3W55-6MX4HistoryMay 14, 2022 - 12:57 a.m.
Apache Geode OQL method invocation vulnerability
2022-05-1400:57:16
Google
osv.dev
15
apache geode
oql
method invocation
vulnerability
secure mode
remote code execution
EPSS
0.029
Percentile
90.9%
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
References
issues.apache.org/jira/browse/GEODE-3247
lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E
lists.apache.org/thread.html/232d75150991820d2fe6ba6bd4265fb58b4fe4d9d8d62eb2fd97256c@%3Cdev.geode.apache.org%3E
lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a78cd85585abd00@%3Cdev.geode.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2017-9795
Related
prion
prion
Remote code execution
2018-01-10 03:29:00
veracode
veracode
Unauthorized Read And Write Access
2018-01-10 07:58:19
github
github
Apache Geode OQL method invocation vulnerability
2022-05-14 00:57:16
cvelist
cvelist
CVE-2017-9795
2018-01-10 03:00:00
osv
osv
CVE-2017-9795
2018-01-10 03:29:00
nvd
nvd
CVE-2017-9795
2018-01-10 03:29:00
cve
cve
CVE-2017-9795
2018-01-10 03:29:00