Please remove me from all future emails and distributions.

Thanks,
Kevin

Sent from my iPhone

> On Jan 9, 2018, at 5:05 PM, Anthony Baker <[email protected]> wrote:
>
> CVE-2017-9796 Apache Geode OQL bind parameter vulnerability
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected: Apache Geode 1.0.0 through 1.2.1
>
> Description:
> A malicious user with read access to specific regions within a Geode
> cluster may execute OQL queries containing a region name as a bind
> parameter that allow read access to objects within unauthorized
> regions.
>
> Mitigation:
> Users of the affected versions should upgrade to Apache Geode 1.3.0 or later.
>
> Credit:
> This issue was reported responsibly to the Apache Geode Security Team
> by Dan Smith from Pivotal.
>
> References:
> [1] https://issues.apache.org/jira/browse/GEODE-3248
> [2] https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities
>
> ---
> The Geode PMC
