PYSEC-2017-146

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pyignite/PYSEC-2017-146.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-146

Withdrawn

2024-11-22T04:37:05Z

Published

2017-06-28T13:29:00Z

Modified

2024-11-21T14:22:59.736776Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.

References

Affected packages

PyPI / pyignite

Package

Name: pyignite; View open source insights on deps.dev
Purl: pkg:pypi/pyignite

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.0

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.2.0

0.3.0

0.3.2

0.3.3

0.3.4

0.4.0

0.5.0

0.5.1

0.5.2

0.6.0

0.6.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pyignite/PYSEC-2017-146.yaml"