Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.ignite/ignite-core@2.10.0

Type maven

Namespace org.apache.ignite

Name ignite-core

Version 2.10.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.17.0

Latest_non_vulnerable_version 2.17.0

Affected_by_vulnerabilities

url VCID-t38y-1dv8-b7av

vulnerability_id VCID-t38y-1dv8-b7av

summary

Apache Ignite: Possible RCE when deserializing incoming messages by the server node
In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52577.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52577

reference_id

reference_type

scores

value	0.02584
scoring_system	epss
scoring_elements	0.8558
published_at	2026-04-11T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.8563
published_at	2026-04-26T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85555
published_at	2026-04-08T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85601
published_at	2026-04-18T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85596
published_at	2026-04-16T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85573
published_at	2026-04-13T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85577
published_at	2026-04-12T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85514
published_at	2026-04-02T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85531
published_at	2026-04-04T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85535
published_at	2026-04-07T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85566
published_at	2026-04-09T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85631
published_at	2026-04-29T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85619
published_at	2026-04-24T12:55:00Z

value	0.02584
scoring_system	epss
scoring_elements	0.85597
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52577

reference_url

https://github.com/apache/ignite

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/ignite

reference_url

https://github.com/apache/ignite/commit/f1d3579eabb2c6f5b11b94d58600afc497a8603d

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/ignite/commit/f1d3579eabb2c6f5b11b94d58600afc497a8603d

reference_url

https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:46:34Z/

url

https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52577

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52577

reference_url

http://www.openwall.com/lists/oss-security/2025/02/14/2

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/02/14/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2345704
reference_id	2345704
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2345704

reference_url

https://github.com/advisories/GHSA-8355-xj3p-hv6q

reference_id

GHSA-8355-xj3p-hv6q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8355-xj3p-hv6q

fixed_packages

url	pkg:maven/org.apache.ignite/ignite-core@2.17.0
purl	pkg:maven/org.apache.ignite/ignite-core@2.17.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.17.0

aliases CVE-2024-52577, GHSA-8355-xj3p-hv6q

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t38y-1dv8-b7av

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.10.0

Package Instance