org.apache.ignite:ignite-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.ignite:ignite-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2018-1295 — CVSS 9.8 (critical): In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization…
CVE-2018-8018 — CVSS 9.8 (critical): In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for…
CVE-2020-1963 — CVSS 9.1 (critical): Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to…
CVE-2024-52577 — CVSS 9.0 (critical): In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The…
CVE-2017-7686 — CVSS 7.5 (high): Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional…
CVE-2016-6805 — CVSS 5.9 (medium): Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.