Apache Ignite is vulnerable to information disclosure. The library contains an update notifier component to notify users about new project releases. This component sends sensitive information to an external PHP server (http://ignite.run
) that a malicious user can observe to obtain sensitive data.
CPE | Name | Operator | Version |
---|---|---|---|
ignite-core | eq | 1.0.0-RC1 | |
ignite-core | le | 2.0.0 | |
ignite-spring | le | 2.0.0 |