
A high-severity vulnerability has been discovered in Apache Ignite, a popular open-source distributed database for high-performance computing. The vulnerability, tracked as CVE-2024-52577 and assigned a CVSSv4 score of 9.5, could allow a remote attacker to execute arbitrary code on vulnerable Ignite servers.
The flaw affects Apache Ignite versions from 2.6.0 up to, but not including, 2.17.0. It stems from the improper handling of class serialization filters for certain Ignite endpoints. An attacker could exploit this vulnerability by crafting a malicious Ignite message containing a vulnerable object and sending it to a susceptible server.
“Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side,” the security advisory warns. This could give the attacker significant control over the affected system, potentially leading to data breaches, service disruptions, or even complete system compromise.
The Apache Ignite team has addressed this vulnerability in version 2.17.0. Users of affected versions are strongly urged to upgrade to the latest release as soon as possible.
Organizations and individuals relying on Apache Ignite should prioritize applying the necessary updates to protect their systems from potential attacks.
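To find installations that still need the upgrade, the affected range stated above can be checked against the `ignite-core` jar found on each host. The following Python script is an added example, not code from the Apache Ignite project or the advisory; it assumes jars keep the Maven-style file name `ignite-core-<version>.jar`, and the function names are hypothetical.

```python
import re
from pathlib import Path

# Affected range as stated in the article: 2.6.0 <= version < 2.17.0.
FIRST_AFFECTED = (2, 6, 0)
FIRST_FIXED = (2, 17, 0)

# Assumption: jars keep the Maven-style name ignite-core-<version>.jar.
JAR_RE = re.compile(r"^ignite-core-(\d+)\.(\d+)\.(\d+)([.-][0-9A-Za-z.-]+)?\.jar$")


def parse_version(jar_name):
    """Return ((major, minor, patch), qualifier), or None if the name does not match."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    return tuple(int(g) for g in m.group(1, 2, 3)), (m.group(4) or "")


def classify(jar_name):
    """Classify one jar file name as 'affected', 'fixed', 'older' or 'unknown'."""
    parsed = parse_version(jar_name)
    if parsed is None:
        return "unknown"
    version, qualifier = parsed
    # Conservative choice: a qualified 2.17.0 build (e.g. -SNAPSHOT) may predate the fix.
    if version == FIRST_FIXED and qualifier:
        return "affected"
    if version < FIRST_AFFECTED:
        return "older"  # outside the range the article gives; not assessed here
    # Tuples compare numerically, so 2.16.0 sorts after 2.6.0 (a string compare would not).
    return "affected" if version < FIRST_FIXED else "fixed"


def scan(root):
    """Walk a directory tree and return {path: status} for every ignite-core jar."""
    return {str(p): classify(p.name) for p in Path(root).rglob("ignite-core-*.jar")}


if __name__ == "__main__":
    # Constructed sample file names, not taken from a real host.
    for name in ["ignite-core-2.5.0.jar", "ignite-core-2.6.0.jar",
                 "ignite-core-2.16.0.jar", "ignite-core-2.17.0.jar",
                 "ignite-core-2.17.0-SNAPSHOT.jar", "ignite-core-custom.jar"]:
        print(f"{name:35} {classify(name)}")
```

Call `scan("/opt")` (or any installation root) to audit real hosts; jars reported as `unknown` have a non-standard name and need a manual version check.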