Description
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
Remediation
References
http://www.securityfocus.com/bid/103205
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
Related Vulnerabilities
CVE-2019-10398 Vulnerability in maven package org.jenkins-ci.plugins:beaker-builder
CVE-2019-10405 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-39176 Vulnerability in npm package detect-character-encoding
CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-ldap-client-all
CVE-2020-2204 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader