GHSA-8p83-68cw-943f

Source
https://github.com/advisories/GHSA-8p83-68cw-943f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-8p83-68cw-943f/GHSA-8p83-68cw-943f.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8p83-68cw-943f
Aliases
Published
2018-10-16T20:53:20Z
Modified
2024-11-22T18:31:04.285833Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Apache Ignite communicates to an external PHP server where sensitive information is sent
Details

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to inform users about new project releases that include additional functionality, bug fixes and performance improvements. To do that, the component communicates with an external PHP server (http://ignite.run), to which it sends some system properties, such as the Apache Ignite or Java version. Some of these properties might contain sensitive user information.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:26:14Z"
}
References

Affected packages

Maven / org.apache.ignite:ignite-core

Package

Name
org.apache.ignite:ignite-core
Purl
pkg:maven/org.apache.ignite/ignite-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1

Affected versions

1.*

1.0.0-RC1
1.0.0-RC3
1.0.0
1.1.0-incubating
1.2.0-incubating
1.3.0-incubating
1.4.0
1.5.0-b1
1.5.0.final
1.6.0
1.7.0
1.8.0
1.9.0

2.*

2.0.0