PT-2025-41925 · Apache · Apache Geode

Nbxiglk · Published 2025-10-14 · Updated 2025-10-17 · CVE-2024-44088

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Geode versions prior to 1.15.2

Description

A malicious script injection issue exists in the Apache Geode web-api (REST). An attacker can trick a logged-in user into clicking a specially-crafted link, leading to code execution on the returned page. This could result in the theft of the user's session information and potential account takeover. The vulnerability impacts the REST API.

Recommendations

Upgrade to version 1.15.2, which resolves the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-44088
GHSA-W595-4975-GM3H

Affected Products

Apache Geode