VulnerableCode Package Details - pkg:maven/org.apache.ignite/ignite-core@2.6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-d6hk-e64u-tbcj Aliases: CVE-2020-1963 GHSA-5wm5-8q42-rhxg	File system access via H2 in Apache Ignite Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.	2.8.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-t38y-1dv8-b7av Aliases: CVE-2024-52577 GHSA-8355-xj3p-hv6q	Apache Ignite: Possible RCE when deserializing incoming messages by the server node In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.	2.17.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-d6hk-e64u-tbcj
Aliases:
CVE-2020-1963
GHSA-5wm5-8q42-rhxg

File system access via H2 in Apache Ignite Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

2.8.1
Affected by 1 other vulnerability.

VCID-t38y-1dv8-b7av
Aliases:
CVE-2024-52577
GHSA-8355-xj3p-hv6q

Apache Ignite: Possible RCE when deserializing incoming messages by the server node In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.

2.17.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-s8a4-9j7s-8fc8	Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.	CVE-2018-1273 GHSA-4fq3-mr56-cg6r
VCID-ykug-1dhq-tygt	In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.	CVE-2018-8018 GHSA-qcjv-wfcg-mmpr

Vulnerability

Summary

Aliases

VCID-s8a4-9j7s-8fc8

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

CVE-2018-1273
GHSA-4fq3-mr56-cg6r

VCID-ykug-1dhq-tygt

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.

CVE-2018-8018
GHSA-qcjv-wfcg-mmpr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:21:06.601342+00:00	GitLab Importer	Affected by	VCID-t38y-1dv8-b7av	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2024-52577.yml	38.4.0
2026-04-16T21:04:00.346809+00:00	GitLab Importer	Affected by	VCID-d6hk-e64u-tbcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2020-1963.yml	38.4.0
2026-04-16T20:46:28.086976+00:00	GitLab Importer	Fixing	VCID-ykug-1dhq-tygt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-8018.yml	38.4.0
2026-04-16T20:42:34.835179+00:00	GitLab Importer	Fixing	VCID-s8a4-9j7s-8fc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-1273.yml	38.4.0
2026-04-16T01:24:47.599668+00:00	GHSA Importer	Fixing	VCID-ykug-1dhq-tygt	https://github.com/advisories/GHSA-qcjv-wfcg-mmpr	38.4.0
2026-04-12T00:40:07.750623+00:00	GitLab Importer	Affected by	VCID-t38y-1dv8-b7av	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2024-52577.yml	38.3.0
2026-04-11T22:15:23.097414+00:00	GitLab Importer	Affected by	VCID-d6hk-e64u-tbcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2020-1963.yml	38.3.0
2026-04-11T21:57:14.749001+00:00	GitLab Importer	Fixing	VCID-ykug-1dhq-tygt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-8018.yml	38.3.0
2026-04-11T21:53:11.209418+00:00	GitLab Importer	Fixing	VCID-s8a4-9j7s-8fc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-1273.yml	38.3.0
2026-04-11T12:54:06.033185+00:00	GHSA Importer	Fixing	VCID-ykug-1dhq-tygt	https://github.com/advisories/GHSA-qcjv-wfcg-mmpr	38.3.0
2026-04-07T04:57:05.738765+00:00	GHSA Importer	Affected by	VCID-t38y-1dv8-b7av	https://github.com/advisories/GHSA-8355-xj3p-hv6q	38.1.0
2026-04-03T00:48:03.525170+00:00	GitLab Importer	Affected by	VCID-t38y-1dv8-b7av	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2024-52577.yml	38.1.0
2026-04-02T22:27:37.862809+00:00	GitLab Importer	Affected by	VCID-d6hk-e64u-tbcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2020-1963.yml	38.1.0
2026-04-02T22:10:38.034617+00:00	GitLab Importer	Fixing	VCID-ykug-1dhq-tygt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-8018.yml	38.1.0
2026-04-02T22:06:56.515322+00:00	GitLab Importer	Fixing	VCID-s8a4-9j7s-8fc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-1273.yml	38.1.0
2026-04-02T13:46:47.578939+00:00	GHSA Importer	Fixing	VCID-ykug-1dhq-tygt	https://github.com/advisories/GHSA-qcjv-wfcg-mmpr	38.1.0
2026-04-02T12:40:53.192855+00:00	GitLab Importer	Affected by	VCID-t38y-1dv8-b7av	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2024-52577.yml	38.0.0
2026-04-01T16:45:40.560074+00:00	GitLab Importer	Affected by	VCID-d6hk-e64u-tbcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2020-1963.yml	38.0.0
2026-04-01T12:47:51.807140+00:00	GitLab Importer	Fixing	VCID-ykug-1dhq-tygt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-8018.yml	38.0.0
2026-04-01T12:47:39.143741+00:00	GitLab Importer	Fixing	VCID-s8a4-9j7s-8fc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ignite/ignite-core/CVE-2018-1273.yml	38.0.0