CVE-2017-15692

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15692

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15692.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-15692

Aliases

GHSA-w395-hpq9-7xwr

Published

2018-02-27T15:29:00Z

Modified

2024-09-03T01:45:27.857225Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

References

Affected packages

Git / github.com/apache/geode

Affected ranges

Type: GIT
Repo: https://github.com/apache/geode
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2a70679608120042fa7cbee67f4dd21a085d9588

Affected versions

rel/v1.*

rel/v1.0.0-incubating

rel/v1.0.0-incubating.M1

rel/v1.0.0-incubating.M2

rel/v1.0.0-incubating.M3

rel/v1.1.0

rel/v1.2.0

rel/v1.2.1

rel/v1.3.0

Other

sga2-core