| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.geode:geode-core | maven | = 1.1.0 | 1.1.1 |

The vulnerability stems from missing `DATA:READ` permission checks during OQL query execution via Pulse. The primary suspect is the authorization subsystem in geode-core responsible for validating permissions for query operations. The `QueryAndMethodInvocationAuthorizer.authorize` method is a core security function that would handle OQL authorization, and `AuthorizeRequestPP.authorize` is a known security enforcement point for distributed operations. Both would appear in stack traces when processing Pulse data browser requests. While the exact patch details are unavailable, the CVE description and Apache Geode's security architecture strongly suggest these functions as the location of the missing permission check.