Описание
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
4.2 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
EPSS
4.2 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2