GHSA-5wm5-8q42-rhxg

Source

https://github.com/advisories/GHSA-5wm5-8q42-rhxg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-5wm5-8q42-rhxg/GHSA-5wm5-8q42-rhxg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5wm5-8q42-rhxg

Aliases

CVE-2020-1963

Published

2020-06-05T16:11:02Z

Modified

2023-11-08T04:02:47.492796Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

File system access via H2 in Apache Ignite

Details

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

Database specific

{
    "nvd_published_at": "2020-06-03T13:15:00Z",
    "github_reviewed_at": "2020-06-04T18:55:16Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-862"
    ]
}

References

Affected packages

Maven / org.apache.ignite:ignite-core

Package

Name: org.apache.ignite:ignite-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ignite/ignite-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.1

Affected versions

1.*

1.0.0-RC1

1.0.0-RC3

1.0.0

1.1.0-incubating

1.2.0-incubating

1.3.0-incubating

1.4.0

1.5.0-b1

1.5.0.final

1.6.0

1.7.0

1.8.0

1.9.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

2.6.0

2.7.0

2.7.5

2.7.6

2.8.0