What is the severity of CVE-2018-8018?

The severity of CVE-2018-8018 is critical with a CVSS score of 9.8.

How does CVE-2018-8018 affect Apache Ignite?

CVE-2018-8018 affects Apache Ignite versions before 2.4.8 and 2.5.x before 2.5.3.

What is the vulnerability in CVE-2018-8018?

The vulnerability in CVE-2018-8018 is a serialization mechanism that does not have a list of allowed classes, allowing for arbitrary code execution.

Can the vulnerability in CVE-2018-8018 be exploited remotely?

Yes, the vulnerability in CVE-2018-8018 can be exploited remotely.

How can I fix CVE-2018-8018?

To fix CVE-2018-8018, upgrade to Apache Ignite version 2.6 or above.

Vulnerability/
CVE-2018-8018

critical

9.8

CWE

502

19/7/2018

16/10/2018

5/8/2024

CVE-2018-8018

First published: Thu Jul 19 2018(Updated: )

Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Ignite	<2.4.8
Apache Ignite	>2.5.0<2.5.3
redhat/ignite	<2.6	2.6
maven/org.apache.ignite:ignite-core	<2.6	2.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-8018?
The severity of CVE-2018-8018 is critical with a CVSS score of 9.8.
How does CVE-2018-8018 affect Apache Ignite?
CVE-2018-8018 affects Apache Ignite versions before 2.4.8 and 2.5.x before 2.5.3.
What is the vulnerability in CVE-2018-8018?
The vulnerability in CVE-2018-8018 is a serialization mechanism that does not have a list of allowed classes, allowing for arbitrary code execution.
Can the vulnerability in CVE-2018-8018 be exploited remotely?
Yes, the vulnerability in CVE-2018-8018 can be exploited remotely.
How can I fix CVE-2018-8018?
To fix CVE-2018-8018, upgrade to Apache Ignite version 2.6 or above.

collector/nvd-index
agent/type
agent/first-publish-date
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-8018
agent/software-canonical-lookup
collector/github-advisory-latest
source/GitHub
alias/GHSA-qcjv-wfcg-mmpr
agent/severity
agent/last-modified-date
agent/description
agent/softwarecombine
agent/event
collector/nvd-cve
source/NVD
agent/author
agent/references
collector/github-advisory
agent/tags
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache ignite
package-manager/redhat
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.