Medium severity5.3NVD Advisory· Published Jan 10, 2018· Updated Jun 17, 2026
CVE-2017-9796
CVE-2017-9796
Description
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geode:geode-coreMaven | >= 1.0.0, < 1.3.0 | 1.3.0 |
Affected products
2- Apache Software Foundation/Apache Geodev5Range: 1.0.0 to 1.2.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-q7cp-r6cj-hpf5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-9796ghsaADVISORY
- issues.apache.org/jira/browse/GEODE-3248ghsaWEB
- lists.apache.org/thread.html/e580d22195b6b61ff9cf866ac6dd6fe16e790ff0e14a3b1a22cd20b1@%3Cuser.geode.apache.org%3EghsaWEB
- lists.apache.org/thread.html/e580d22195b6b61ff9cf866ac6dd6fe16e790ff0e14a3b1a22cd20b1%40%3Cuser.geode.apache.org%3Envd
News mentions
0No linked articles in our index yet.