VYPR
Moderate severityNVD Advisory· Published Oct 25, 2022· Updated May 9, 2025

Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application

CVE-2022-34870

Description

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.geode:geode-coreMaven
< 1.15.11.15.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.