Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3bTUtOHE0Mi1yaHhn

File system access via H2 in Apache Ignite

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

Permalink: https://github.com/advisories/GHSA-5wm5-8q42-rhxg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3bTUtOHE0Mi1yaHhn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 4 years ago
Updated: over 1 year ago

CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Identifiers: GHSA-5wm5-8q42-rhxg, CVE-2020-1963
References:

• https://nvd.nist.gov/vuln/detail/CVE-2020-1963
• https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
• https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E
• https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cuser.ignite.apache.org%3E
• http://www.openwall.com/lists/oss-security/2020/06/03/2
• https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E
• https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E
• https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E
• https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E
• https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://github.com/advisories/GHSA-5wm5-8q42-rhxg

Blast Radius: 26.2

Affected Packages