CVE-2017-15695 Apache Geode remote code execution vulnerability
Vendor: The Apache Software Foundation
Versions Affected: Apache Geode 1.0.0 through 1.4.0
When a Geode server is configured with a security manager, a user with
DATA:WRITE privileges is allowed to deploy code by invoking an
internal Geode function. This allows remote code execution. Code
deployment should be restricted to users with DATA:MANAGE privilege.
Users of the affected versions should upgrade to Apache Geode 1.5.0 or later.
This issue was reported responsibly to the Apache Geode Security Team
by Dan Smith from Pivotal Software.