Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. References: http://www.openwall.com/lists/oss-security/2020/06/03/2 https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1963