Maflend opened a new issue, #12343: URL: https://github.com/apache/ignite/issues/12343
Hello, I am currently analyzing my security reports for my Apache ignite 2.17 application and I got notify of these security vulnerabilities in said reports: **Library: com.h2database:h2 (h2-1.4.197.jar)** **Vulnerability:** CVE-2021-42392 (CRITICAL) **Fixed Version:** 2.0.206 **Title:** Remote Code Execution in Console https://avd.aquasec.com/nvd/cve-2021-42392 **Vulnerability:** CVE-2022-23221 (CRITICAL) **Fixed Version:** 2.1.210 **Title:** Loading of custom classes from remote servers through https://avd.aquasec.com/nvd/cve-2022-23221 Link to the MVN where these vulnerabilities are listed: https://mvnrepository.com/artifact/com.h2database/h2/1.4.197 **Library: org.springframework:spring-context (spring-context-5.3.39.jar)** **Vulnerability:** CVE-2024-38820 (MEDIUM) **Fixed Version:** 6.1.14 **Title:** The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ... https://avd.aquasec.com/nvd/cve-2024-38820 **Vulnerability:** CVE-2025-22233 (LOW) **Fixed Version:** 6.2.7, 6.1.20 **Title:** CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ... https://avd.aquasec.com/nvd/cve-2025-22233 Are you planning to update versions to fix vulnerabilities? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
