CVE-2017-9795
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Apache Geode OQL method invocation vulnerability
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.geode:geode-core | >=1.0.0,<1.3.0 | 1.3.0 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-9795
- https://issues.apache.org/jira/browse/GEODE-3247
- https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E
- https://lists.apache.org/thread.html/232d75150991820d2fe6ba6bd4265fb58b4fe4d9d8d62eb2fd97256c@%3Cdev.geode.apache.org%3E
- https://lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a78cd85585abd00@%3Cdev.geode.apache.org%3E
Verify integrity in audit chain (admin only). AS-IS.