CVE-2017-7686: Information Exposure

June 28, 2017 (updated July 6, 2017)

Apache Ignite uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some properties might contain user sensitive information.

References

www.securityfocus.com/bid/99292
nvd.nist.gov/vuln/detail/CVE-2017-7686

Detect and mitigate CVE-2017-7686 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →