Description
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization.
Report
The module vertx-hazelcast is not supported in Red Hat OpenShift Application Runtimes (RHOAR) products.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | hazelcast | Affected | | |
| Red Hat OpenShift Application Runtimes | hazelcast | Will not fix | | |
| Red Hat Fuse 7.4.0 | hazelcast | Fixed | RHSA-2019:2413 | 08.08.2019 |
Additional information
Status:
8.1 High
CVSS3