Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3bTUtOHE0Mi1yaHhn
File system access via H2 in Apache Ignite
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.
Permalink: https://github.com/advisories/GHSA-5wm5-8q42-rhxgJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3bTUtOHE0Mi1yaHhn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 4 years ago
Updated: almost 2 years ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Percentage: 0.01289
EPSS Percentile: 0.85507
Identifiers: GHSA-5wm5-8q42-rhxg, CVE-2020-1963
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-1963
- https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cuser.ignite.apache.org%3E
- http://www.openwall.com/lists/oss-security/2020/06/03/2
- https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E
- https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E
- https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://github.com/advisories/GHSA-5wm5-8q42-rhxg
Affected Packages
maven:org.apache.ignite:ignite-core
Dependent packages: 280Dependent repositories: 755
Downloads:
Affected Version Ranges: < 2.8.1
Fixed in: 2.8.1
All affected versions: 1.0.0, 1.4.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 2.7.5, 2.7.6, 2.8.0
All unaffected versions: 2.8.1, 2.9.0, 2.9.1, 2.10.0, 2.11.0, 2.11.1, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.16.0