Description
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
Remediation
References
http://seclists.org/oss-sec/2017/q2/31
http://www.securityfocus.com/bid/97509
Related Vulnerabilities
CVE-2021-41571 Vulnerability in maven package org.apache.pulsar:pulsar
CVE-2020-2168 Vulnerability in maven package org.jenkins-ci.plugins:azure-acs
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-broker
CVE-2023-51656 Vulnerability in maven package org.apache.iotdb:iotdb-server