Description
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
Remediation
References
https://lists.apache.org/thread.html/e580d22195b6b61ff9cf866ac6dd6fe16e790ff0e14a3b1a22cd20b1%40%3Cuser.geode.apache.org%3E
Related Vulnerabilities
CVE-2017-16206 Vulnerability in npm package cofee-script
CVE-2017-16081 Vulnerability in npm package cross-env.js
CVE-2016-10519 Vulnerability in npm package bittorrent-dht
CVE-2018-1000600 Vulnerability in maven package com.coravy.hudson.plugins.github:github
CVE-2018-1334 Vulnerability in maven package org.apache.spark:spark-core_2.10