CVE-2024-52577

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-52577

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52577.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52577

Aliases

GHSA-8355-xj3p-hv6q

Related

CGA-rwhp-7x8q-xj8j

Published

2025-02-14T10:15:09.557Z

Modified

2026-04-10T05:16:34.159517Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.

References

Affected packages

Git / github.com/apache/ignite

Affected ranges

Type

GIT

Repo

https://github.com/apache/ignite

Events

Introduced

669feacc5d3a4e60efcdd300dc8de99780f38eed

Fixed

d53d4540b64bb4a25f1a5a1003c4338727628c9f

Database specific

{
    "versions": [
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.17.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52577.json"