Apache Software Foundation Geode 1.12.6

CPE Details

Apache Software Foundation Geode 1.12.6
apache
geode
1.12.6
2022-01-16
03h16 +00:00
2022-01-20
16h20 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:geode:1.12.6:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

geode

Version

1.12.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-34870 2022-10-24 22h00 +00:00 Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.
5.4
Moyen
CVE-2022-37023 2022-08-31 05h00 +00:00 Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.
6.5
Moyen