Description
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
Remediation
References
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html
http://www.securityfocus.com/bid/99292
Related Vulnerabilities
CVE-2017-3200 Vulnerability in maven package org.graniteds:granite-generator
CVE-2016-10680 Vulnerability in npm package adamvr-geoip-lite
CVE-2016-1000346 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2018-1000632 Vulnerability in maven package dom4j:dom4j
CVE-2023-31718 Vulnerability in npm package @frangoteam/fuxa