Andrey Bazhenov

**Name of the Vulnerable Software and Affected Versions** GridGain versions prior to 1.7.16 GridGain versions 1.8.x prior to 1.8.12 GridGain versions 1.9.x prior to 1.9.7 GridGain versions 8.x prior to 8.1.5 **Description** The issue allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. This is due to a directory traversal vulnerability in the Visor GUI Console. **Recommendations** For GridGain versions prior to 1.7.16, update to version 1.7.16 or later. For GridGain versions 1.8.x prior to 1.8.12, update to version 1.8.12 or later. For GridGain versions 1.9.x prior to 1.9.7, update to version 1.9.7 or later. For GridGain versions 8.x prior to 8.1.5, update to version 8.1.5 or later.