Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN555
_____________________________________________________________________

DATE                : 28/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache ignite versions prior to
                                      2.18.0.

=====================================================================
https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpxx81t4n1
_____________________________________________________________________

[CVE-2025-48977] Rest Http default Arbitrary file read vulnerability
Hi all!

I am glad to announce that CVE-2025-48977 vulnerability has been
fixed in the ignite release 2.18.0

Mentioned vulnerability allowed authenticated REST API users to read
any file on the server with "cmd=log" command and a log path crafted
in a certain way.

Regards,
Evgeniy Stanilovskiy on behalf of the Apache Ignite community.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================