CVE-2024-52577

Critical CVSS: 9.5

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.

Vendor

Apache

Product

Ignite

CWE

CWE-502

Yayın Tarihi

2025-02-14 10:15:09

Güncelleme

2025-07-14 14:08:27

Source Identifier

security@apache.org

KEV Date Added

Kategoriler

CWE-502 Ignite CRITICAL Apache 2025

Referanslar

https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh http://www.openwall.com/lists/oss-security/2025/02/14/2

Benzer Kayıtlar

High

CVE-2025-65114

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Se…

High

CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from…

Medium

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate…

Low

CVE-2026-32642

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application us…

Medium

CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filterin…

Medium

CVE-2026-28563

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filt…