CVE-2018-1295 is a vulnerability in Apache Ignite
Published on April 2, 2018
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.
Products Associated with CVE-2018-1295
Want to know whenever a new CVE is published for Apache Ignite? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Ignite Version 2.3 and earlier is affected by CVE-2018-1295Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.