Description
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
Remediation
References
http://seclists.org/oss-sec/2017/q2/31
http://www.securityfocus.com/bid/97509
Related Vulnerabilities
CVE-2020-35490 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-48285 Vulnerability in maven package org.webjars.npm:github-com-stuk-jszip
CVE-2020-11023 Vulnerability in npm package jquery
CVE-2019-16775 Vulnerability in npm package bin-links
CVE-2021-27905 Vulnerability in maven package org.apache.solr:solr-core