aerospike

Downloads Resources over HTTP

Severity: high

Overview

Affected versions of aerospike insecurely download an executable over an unencrypted HTTP connection.

In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running aerospike.

Remediation

Update to version 2.4.2 or later

Vulnerable versions

1.0.0
5 years ago
1.0.1
4 years ago
1.0.2
4 years ago
1.0.3
4 years ago
1.0.4
4 years ago
1.0.5
4 years ago
1.0.6
4 years ago
1.0.7
4 years ago
1.0.8
4 years ago
1.0.9
4 years ago
1.0.10
4 years ago
1.0.11
4 years ago
1.0.12
4 years ago
1.0.14
4 years ago
1.0.15
4 years ago
1.0.16
4 years ago
1.0.18
4 years ago
1.0.19
4 years ago
1.0.21
4 years ago
1.0.22
4 years ago
1.0.23
4 years ago
1.0.24
4 years ago
1.0.25
4 years ago
1.0.26
4 years ago
1.0.27
4 years ago
1.0.28
4 years ago
1.0.29
4 years ago
1.0.30
4 years ago
1.0.31
3 years ago
1.0.34
3 years ago
1.0.35
3 years ago
1.0.36
3 years ago
1.0.37
3 years ago
1.0.38
3 years ago
1.0.39
3 years ago
1.0.40
3 years ago
1.0.41
3 years ago
1.0.42
3 years ago
1.0.43
3 years ago
1.0.44
3 years ago
1.0.45
3 years ago
1.0.47
3 years ago
1.0.48
3 years ago
1.0.49
3 years ago
1.0.50
3 years ago
1.0.51
3 years ago
1.0.52
3 years ago
1.0.53
3 years ago
1.0.54
3 years ago
1.0.55
3 years ago
1.0.56
3 years ago
1.0.57
2 years ago
2.0.0
2 years ago
2.0.1
2 years ago
2.0.2
2 years ago
2.0.3
2 years ago
2.0.4
2 years ago
2.1.0
2 years ago
2.1.1
2 years ago
2.2.0
2 years ago
2.3.0
2 years ago
2.3.1
2 years ago
2.4.0
2 years ago
2.4.1
2 years ago
1.0.58
2 years ago

Unaffected versions

2.0.0-alpha.1
2 years ago
2.0.0-alpha.2
2 years ago
2.0.0-alpha.3
2 years ago
2.4.2
2 years ago
2.4.3
2 years ago
2.4.4
2 years ago
2.5.0
a year ago
2.5.1
a year ago
2.5.2
a year ago
2.6.0
a year ago
2.7.0
a year ago
2.7.1
a year ago
2.7.2
a year ago
3.0.0
a year ago
3.0.1
10 months ago
3.0.2
10 months ago
3.1.0
8 months ago
3.1.1
7 months ago
3.2.0
6 months ago
3.3.0
4 months ago
3.4.0
2 months ago
3.5.0
a month ago

Advisory timeline

  1. published

    Advisory published
    Dec 6th, 2016
  2. reported

    Nov 30th, 2016