Description
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Data Grid 6 | hotrod-client | Under investigation | | |
| Red Hat JBoss Data Grid 7.1 | | Fixed | RHSA-2017:3244 | 16.11.2017 |
| Red Hat Single Sign-On 7.2.1 zip | | Fixed | RHSA-2018:0501 | 13.03.2018 |
Additional information
Status:
EPSS
4.2 Medium
CVSS3
3.6 Low
CVSS2
Related vulnerabilities
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.