Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.geode:geode-core | maven | >= 1.0.0, < 1.3.0 | 1.3.0 |
The vulnerability stems from insufficient authorization during OQL method invocation. The DefaultQuery.execute() entry point processes user-provided queries, and MethodDispatch.invoke() performs the method calls those queries request. Before the patch, neither function checked the method invocation against the configured security policy. The JIRA ticket GEODE-3247 and the CVE description confirm that validation logic (MethodInvocationAuthorizer) was added in 1.3.0, which identifies these two functions as the vulnerable execution path.