Описание
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 8.4.4 (исключая)
cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
Конфигурация 3
cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.001
Низкий
4.4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.4
redhat
больше 2 лет назад
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
CVSS3: 6.5
github
около 2 лет назад
Infinispan circular object references causes out of memory errors
EPSS
Процентиль: 28%
0.001
Низкий
4.4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
NVD-CWE-Other