Description
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Data Grid 8 | infinispan-server | Affected | | |
| Red Hat Data Grid 8.4.4 | | Fixed | RHSA-2023:5396 | 28.09.2023 |
Additional information
Status: Low
Defect: CWE-1047
https://bugzilla.redhat.com/show_bug.cgi?id=2240999
infinispan: circular reference on marshalling leads to DoS
EPSS: 0.001 (Low)
Percentile: 28%
CVSS3: 4.4 Medium
Related vulnerabilities
CVSS3: 4.4
nvd
about 2 years ago
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
CVSS3: 6.5
github
about 2 years ago
Infinispan circular object references causes out of memory errors